Grids,  virtualization,  autonomic  computing  and  other  big  changes  are  starting  to 
shatter  IT  boundaries  and  bring  the  extended  enterprise  to  life.  We  guide  you 
through  the  changes  in  this  owner's  handbook.  Supplement  begins  after  page  30. 
IPS TESTED

Network World set the standard with groundbreaking intrusion-detection system tests, which were conducted on a live network. Now we’ve turned our testers loose on intrusion-prevention systems. Over five months, we tested 11 products against live traffic running across networks in Los Angeles, San Jose, and Tucson, Ariz. The result is a definitive guide to content-based IPS, rate-based IPS and IPS services.


Network advances to shine at Demo

■ BY JOHN COX

The nearly 70 companies showcasing products at this week’s Demo 2004 conference will announce everything from instant messaging to Web services security to network management tools. Despite the variety of technologies, at least one theme is expected to emerge: making enterprise networks run smarter and more securely.

“We’re seeing a real push toward mastering more efficient ways to manage and organize systems,” says Chris Shipley, producer of the annual new technology confab, which is produced by a Network World business unit.

About three-quarters of the

See Demo, page 89


DEMO 2004 

More  inside 

■  A  sneak  peek  at 
more  cool  stuff  at 
Demo.  Page  64. 

■  Check  out  the 
Web  for  live  show 
updates  from 
Cool  Tools  guru 
Keith  Shaw  at 
www.nwfusion.com, 
DocFinder:  9744. 


Juniper sets sights on enterprise nets

■ BY JIM DUFFY

Having given Cisco fits in the carrier routing market, Juniper is gearing up to butt heads on the enterprise side with its $3.4 billion bid for security vendor NetScreen Technologies.

Juniper offered few details about the potential synergy, but industry watchers say the company’s opportunities are many, from leveraging NetScreen’s strong sales channels to delivering more secure routing products.

The proposed buyout marks a dramatic strategy shift for Juniper, which has largely avoided selling into enterprise networks, in part not to compete in any way with its carrier customers.

“Juniper will have to earn credibility [in the enterprise market], but they have a great start with their router pedigree and NetScreen’s strength in firewall/security market,” says Kevin Mitchell, an Infonetics Research analyst.

See Juniper, page 14


What they bring to the party

By acquiring NetScreen, Juniper expands beyond the carrier equipment market into enterprise networks.

Founded: Juniper, 1996; NetScreen, 1997.
Revenue for past four quarters: Juniper, $701 million; NetScreen, $223 million.
Primary products: Juniper, core and edge routers for service providers; NetScreen, firewall/VPN gear from SOHO to data center, intrusion-detection and -prevention systems, SSL remote-access appliances.

A  Wider  Net 


Doing the right thing, MCI style

We ace MCI’s ethics test; has the carrier learned its lesson?

■ BY DENISE PAPPALARDO

What would Julie do? That’s the question MCI’s 55,000 employees have been trained to ask themselves and each other every day as the carrier seeks to remake its image in the wake of the more than $9 billion accounting scandal that led it into the largest bankruptcy in history. It’s also the question I pondered two weeks ago when MCI agreed to let me take its mandatory ethics course.

The course, which I took while sitting in front of a computer at MCI’s Ashburn, Va., headquarters, consists of a 30- to 60-minute online program that confronts me with a series of ethical situations.

The most memorable involves Julie, a fictitious MCI employee who needs my help to navigate the dangerous and sometimes murky waters of telecom finance. Should she ignore the error she discovers in a colleague’s financial report as this co-worker suggests? Or should she confront the colleague, who is a friend, and get the mistake fixed? Armed with the program’s six steps for making ethical decisions, I’m able to steer Julie down the right path.

“People at MCI are really very embarrassed about what happened at their company,” says Nancy Higgins, who joined the carrier in

See Ethics, page 16

Nancy Higgins, MCI’s chief ethics officer
News

■ 8 Security vendors put management in spotlight.
■ 8 Maxspeed launches patch management system.
■ 10 Intel focuses on mobility.
■ 10 Newcomer boasts storage switch with smarts.
■ 12 FCC takes first step toward VoIP policy.
■ 12 Start-up introduces internal data security appliance.
■ 14 Cisco teams with IBM on infrastructure security.
■ 16 Cisco strengthens wireless LAN security.

Infrastructure

■ 17 Users tap network-monitoring technology.
■ 17 Start-up offers videoconferencing options.
■ 18 Gopan Systems spins disks on demand.
■ 18 Kevin Tolly: A new router in your future?

Enterprise Applications

■ 21 Vendors showcase security.
■ 21 Brightmail tries to ID spammer sources.
■ 22 Cognos tightens planning software integration.
■ 22 Scott Bradner: Blindly looking in the wrong place.
■ 24 Special Focus: Network configuration tools evolve.

Service Providers

■ 25 MCI broadening its MPLS network.
■ 25 Equant CEO looks to make inroads with U.S. multinationals.
■ 28 Johna Till Johnson: Handling the remote-office revolution.

NetWorker

■ 29 Tech schools use Netilla for remote access to powerful lab-based applications.

Technology Update

■ 63 GFP optimizes storage over SONET.
■ 63 Steve Blass: Ask Dr. Internet.
■ 64 Mark Gibbs: Cascading Style Sheets, oh my!
■ 64 Keith Shaw: Previewing the cool stuff at Demo.

Opinions

■ 66 Editorial: Calling vendors to a Virtual Showdown.
■ 67 Joel Snyder: Time to wise up about worms.
■ 67 Thomas Nolle: Lessons from the telecom rise.
■ 90 BackSpin: Fighting spam: Theory and practice.
■ 90 ’Net Buzz: ‘Compassionate capitalism' is not an oxymoron.
■ 85 Career classifieds.

Management Strategies

■ 77 Cautious growth: As IT hiring slowly increases, employers seek security, Web services, Linux and business skills.


The New Data Center: An owner's handbook

In this editorial supplement, we explore how grids, virtualization, autonomic computing and other emerging technologies are shattering the traditional boundaries on applications and information and bringing the extended enterprise to life. Our layer-by-layer guide to the changes ahead begins after page 30.


Features

WILD

IPS TESTED ON A LIVE PRODUCTION NETWORK

Feature: App-titude adjustment: Network pros sink their teeth into managing applications. Page 75.

Sector Spotlight: Business travel industry: The industry outfits planes, trains and cars with Wi-Fi to attract and retain new customers. Page 76.

Review: Intrusion-prevention systems: We set the bar last year with our "In The Wild" testing of intrusion-detection systems. This time around, we set the Network World Global Test Alliance trio of David Newman, Rodney Thayer and Joel Snyder loose on 11 intrusion-prevention products. For five months we tested the products on a live, distributed network to deliver the definitive report on rate-based and content-based IPS. Page 69.
Interactive

Forum: Gartner's Magic Quadrant

Is it Bible or bunk? See what your peers have to say and add your thoughts.

DocFinder: 9745

Wireless  LAN  Buyer’s  Guide 

We've  compiled  our  largest  buyer's  guide  ever  on  WLAN  equipment. 
Whether  you're  looking  for  an  access  point,  PC  Card  or  trying  to 
decide  between  802.11a,  b  or  g,  take  a  look  at  the  vendor-provided 
information  on  more  than  200  products. 

DocFinder:  9746 

Layer  8:  Caption  contest 

See  who  won  last  week's  caption  contest  and  enter  this  week's  at 
Fusion's  not-just-networking  Web  log.  Take  a  chance  at  glory  —  and 
a  free  prize. 

DocFinder:  9652 

Seminars and events

Business  now  demands  more  of  IT  managers 

Maximize  performance  from  current  applications,  optimize  usage  of 
available  bandwidth  and  integrate  operations  with  overall  business 
objectives.  Here's  February's  free  Network  World  Technology  Tour  to 
the  rescue.  Attend  "Network  Management:  The  New  Business  Focus," 
and  master  the  secrets  of  success.  Upcoming  sessions  are  in  Chicago 
and  Santa  Clara. 

DocFinder:  9139 
Columnists

Wireless  Wizards 

Why  does  a  wireless  system  need  its  own  VPN? 

Adam  in  California  asks:  "My  current  LAN  contains  VPNs  at 
various  locations  throughout  the  enterprise.  Why  does  our 
wireless  infrastructure  need  to  incorporate  additional  VPN 
functionality?"  DocFinder:  9747 

Telework  Beat 

A  notebook  built  for  us 

Net.Worker  Managing  Editor  Toni  Kistner  says  the  new  IBM 
ThinkPad  X40,  which  includes  hard-disk  protection,  advanced 
restore  and  recovery  features,  is  attractive  to  mobile  workers. 

DocFinder:  9748 

Small  Business  Tech 

Wireless  broadband  update 

Columnist  James  Gaskin  says  services  are  proliferating  and 
new  technologies  promise  better  range  and  indoor  antennas. 

DocFinder:  9749 

Digital  Domicile 

Lessons  in  networked  entertainment,  Part  3 
Columnist  Mike  Wolf  says  media  announcements  at  the 
recent  Consumer  Electronics  Show  hold  clues  to  the  future  of 
home  networks.  DocFinder:  9750 


Breaking  News 

Go online for breaking news every day. DocFinder: 6342

Free e-mail newsletters

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  6343 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
Microsoft gets knocked around

■ Last week wasn’t a stellar one for Microsoft. The week started off bad when the company had to patch what some experts are calling the most serious flaw ever uncovered in Windows. Patch MS04-007 plugs a vulnerability in Windows NT, 2000, XP and Server 2003 that could allow a hacker to remotely execute code on a user’s computer. The company that reported the vulnerability, eEye Digital Security, said it also has informed Microsoft of seven additional security vulnerabilities that have yet to be patched. The company also criticized Microsoft for taking more than 200 days to issue MS04-007. Microsoft said it had to perform “due diligence” to ensure the patch was ready for release. Then later in the week Microsoft confirmed some of the secret code underlying its Win 2000 and NT operating systems had been leaked on the Internet. Experts say a breach of the Windows source code — a mix of assembler, C and C++ code — could expose users to an increase in cyberattacks because it would make it easier for hackers to find holes in the operating systems that they can exploit.

Lawmakers look to limit 'Net tax ban

■ Four U.S. senators introduced a bill last week to re-establish by two years a permanent ban on Internet-only taxes that passed through the U.S. House in September. Senators opposed to the permanent ban in the House-passed Internet Tax Non-discrimination Act say the definition of “Internet access” in the bill could result in a ban on taxing many telecom services as carriers of traditional telephone service move more of their traffic to the Internet. Sen. Thomas Carper (D-Del.) and Sen. Lamar Alexander (R-Tenn.) said their two-year extension of a five-year moratorium would continue the ban but define Internet access as not including telecom services. If the Internet Tax Non-discrimination Act eliminates taxes on telecom services, as opponents fear, the losses to state and local jurisdictions in the U.S. could reach $11.7 billion a year, said Sen. Dianne Feinstein (D-Calif.).


“Want  to  know  why  I  invented  Linux?  I’ve 
never  been  able  to  hit  CTRL+ALT+DEL 
with  these  flippers.” 


Gene DeLuc of San Diego is king of the caption right now, but we're crowning a new emperor every week at Layer 8, the online home of the best of Fusion and the not-just-networking world (www.nwfusion.com, DocFinder: 9737). Check in on Mondays to see the photo of the week and enter to win fame and fortune. Well, not so much fortune, but fame. Definitely fame.
Cleaning up the White House. Associated Press reported last week that the owner of whitehouse.com, the notorious Web address that is home to “adult entertainment” rather than the presidential headquarters site, says he is ready to sell out in order to keep his young child from getting taunted at school regarding the family business. The “real” White House site is at whitehouse.gov.


MyDoom and gloom. At least two modified versions of the record-breaking MyDoom worm reared their heads last week. One launched denial-of-service attacks on Microsoft’s Web site, while another was designed to disable anti-virus software.


Fightin’  words.  Don’t  call  Vonage  a  phone  company,  warns  Jeffrey  Citron, 
CEO  of  the  IP  services  specialist.  "If  you  have  a  problem  or  a  question  at  4  o’clock 
in  the  morning,  call  us  up.  Try  doing  that  with  Verizon  or  SBC  or  BellSouth." 


Sun acquisition to include rehiring of co-founder

■ Sun has agreed to acquire Kealia, a privately held server design company in California, and in the process is rehiring one of Sun’s co-founders to help design the company’s high-volume servers. Andy Bechtolsheim, Kealia’s co-founder and chief executive, helped found Sun two decades ago while studying at Stanford University with Scott McNealy, Sun’s chairman, president and CEO. He led a team that designed Sun’s workstations, which was its mainstay business at the time. He will return to Sun as chief architect of its Volume Systems Products Group, where he will help design Sun’s emerging family of servers based on Advanced Micro Devices’ Opteron processor and Intel’s Xeon chip, McNealy says. Financial terms of the deal were not announced.

Report: Oracle won't take 'no' for an answer

■ Oracle is preparing to battle U.S. regulators in court if they move to block the company’s $9.4 billion takeover bid for PeopleSoft, according to a recent report. Oracle CEO Larry Ellison is rallying support from members of the company’s board for a court fight in anticipation of a possible decision by the U.S. Department of Justice to oppose the deal, according to The Wall Street Journal. Last week PeopleSoft said officials from the Justice Department’s Antitrust Division recommended that the department block the proposed acquisition. The Justice Department is expected to make a final decision by March 2.

'Osama Found' irks AIM users

■ A new Web-based game that lets players pretend to catch Osama bin Laden is annoying AOL Instant Messenger users with its virus-like self-promotion. The game, called Osama Found, grabs names from a user’s AIM address book and automatically sends those users instant messages with links to a Web page where the game can be downloaded. AOL is aware of the problem and is considering legal action against the maker of the game, according to a spokesman. Osama Found is not a virus or IM worm, but another example of what some call adware, software that runs in the background on a computer that marketers can use to display advertisements and promotions on a user’s desktop, according to AOL.


Vendors link security to management

New and upgraded products address provisioning, intrusion prevention, mainframe databases.

Maxspeed speeds up patch mgmt.

■ BY JOHN FONTANA

Patch management is on the minds of every IT organization, and thin-client vendor Maxspeed hopes to ensure they don’t forget about their embedded systems.

The company last week launched its Maxspeed Patch Management Service, which provides centralized updates and deployment of critical patches for thin clients using Microsoft Windows XP Embedded software. Initially the service is available only to Maxspeed customers using its MaxTerm 8300 and 8400 thin clients and Maxspeed Management Software (MMS). The company plans to add similar services for embedded Linux and Microsoft’s CE.Net in the next 30 days.

“In the beginning, we weren’t that aware of patching these thin clients,” says Michael Fabrico, IT director for Alpha Shirts, a Philadelphia company that distributes apparel to the sportswear industry. But after some of Alpha Shirts’ 100-plus thin clients were hit with the Welchia worm late last year, Fabrico said thin-client patching became a priority.

Microsoft typically releases patches for embedded systems 30 to 60 days after the patches for its desktop and server operating systems, such as last week’s critical patch to address the ASN.1 vulnerability.

With its service, Maxspeed takes the patches for XP Professional the day they are released and re-engineers and tests them for deployment on XP Embedded. The process takes about two days, according to Wei Chang, president and CEO of Maxspeed, which competes with thin-client rivals Wyse Technology and Neoware. The patches can then be downloaded by Maxspeed users and distributed on up to 100,000 clients using MMS. “In the thin-client world you need 99.999 uptime, and that is why we have developed this fast patch response,” Chang says.

“The thin client is much safer than the PC, but they still need to be patched and updated,” says Bob O’Donnell, an analyst for IDC. ■


■ BY NETWORK WORLD STAFF

Security vendors will be unveiling a slew of products over the next two weeks that are designed to manage and make sense of security events, provision users, spot vulnerabilities and secure data on mainframe networks.

Security information management (SIM) vendors ArcSight, High Tower and netForensics separately will announce new product versions and additional features.

SIM software automates the collection of event log data from security devices, helping users manage information from disparate devices and systems on a common management console. The products use data-aggregation and event-correlation features and apply them to event logs generated from firewalls, proxy servers, intrusion-detection systems (IDS), servers and anti-virus software.

NetForensics next week will introduce two software add-ons to the company’s SIM netForensics platform at the RSA Conference in San Francisco. Security Posture Analysis 1.0 provides information on assets such as users, applications and business processes affected by security events, while Incident Resolution Management 1.0 offers tools to better manage the process involved in responding to problems.

With its new impact analysis and workflow templates, netForensics made it easier to relate security events with pre-set business priorities.

“The upgrades would allow users to make more rapid decisions about whether they need to react to a security event,” says James Hurley, a group vice president at Aberdeen Group. The software add-ons will be available upon announcement and work with netForensics’ flagship software. Pricing for the platform starts between $20,000 and $50,000, and scales depending on the number of users and software add-ons purchased.

Competitor ArcSight this week will launch Version 3.0 of its flagship software of the same name. Company officials say the latest release can handle more events per second, compress data to let security managers store more security information and link security events to business applications.

“Security and line of business are two worlds that have remained distinct,” says Hugh Njemanze, CTO at ArcSight.

Aberdeen’s Hurley says ArcSight, netForensics and others need to work harder on relating security problems to business impact. “It’s the biggest problem,” he says. “Senior business executives don’t realize they need security until something happens.”

ArcSight 3.0 is expected to ship within 60 days. Pricing starts at about $100,000.

High Tower this week will make available its TowerView software packaged on appliances. TowerView collects data and events in real time from network and security devices, such as firewalls, IDSs and routers. TowerView uses 100 pre-packaged rules and a rules processing engine to perform statistical analysis and correlation.

The TowerView 1000 appliance is designed to correlate data from up to 30 devices, while the TowerView 2000 appliance is designed to correlate data for 30 to 90 devices. Pricing starts at $48,000.

Despite the enhancements to SIM products, John Pescatore, a vice president with Gartner, says vendors need to add more capabilities to meet security specialists’ needs this year.

“Security managers need more than data from raw logs. They need compliance enforcement, Web and application server configuration management, and Linux support needs to be included,” he says.

Also this week, Maxware, known for its meta-directory technology, will introduce provisioning software called Identity Center. The software, which also will be featured at the RSA Conference, includes a workflow engine for provisioning users and resources across a network using a set of rules and policies stored in its database.

The software is part of Maxware’s overall identity-management lineup. Identity Center features include user self-service, notifications, event escalation, password reset and a connector library. The software costs $17.50 per user for 10,000 users.

TippingPoint Technologies this week is introducing a version of its UnityOne software ($25,000) that adds traffic shaping to intrusion-prevention capabilities so networks can remain unclogged by malicious traffic floods. (Read more on page 69.)

Once customers use the company's intrusion-prevention system to set baselines for network traffic, they can set thresholds for throttling certain traffic types if the gear detects unusual behavior.

The company says the traffic shaping can be used to block or limit outbound peer-to-peer traffic so corporate machines don’t become public servers for music file sharing and other peer-to-peer applications. This capability can be used to give priority to voice traffic. TippingPoint says its Digital Vaccine service also will send updates to protect VoIP traffic from exploits designed to disrupt voice traffic.

“Integrated boxes that perform multiple security functions can be more intelligent and efficient when analyzing, say, packets as they flow through the box,” says Lance Travis, a vice president with AMR Research. “But the downside is they can represent a single point of failure on the net.”

In an effort to help users simplify IT infrastructure while keeping it secure, IBM last week announced updates to its mainframe operating system to enable multi-level security access to database information.

The security features in z/OS 1.5 work with IBM’s DB2 Universal Database for z/OS Version 8 to let users centrally manage multi-tiered access to information based on a user’s security clearance. Typically, government agencies, financial institutions and other organizations with strict security requirements have to run separate databases to isolate confidential information, resulting in duplicate infrastructures. The multi-level security technology lets IT managers consolidate these systems, says Jim Porell, chief strategist for IBM zSeries Software.

“In our environment, the z/OS security server provides a single control point and a single point for compliance analysis and auditing across the database, operating system and network,” he says.

The z/OS 1.5 and DB2 Universal Database for z/OS Version 8 are scheduled for availability March 26. Pricing for z/OS is based on monthly license fees that depend on use. ■
■ THIS WEEK’S QUESTION:

What does Juniper call its routing operating system?

Stumped? Get the answer online. Visit Network World Fusion and enter 2349 in the Search box.

www.nwfusion.com
NetForensics software collects and correlates security events from multivendor security devices. In this example, the management console makes the security manager aware of a problem with a TippingPoint device.


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Intel  sheds  light  on  64-bit  plans 


■  BY  JENNIFER  MEARS  AND 
JOHN  COX 

Intel plans to use its Developer Forum this week to unveil products and lay out its technology road map aimed at giving businesses tools to run more complex applications faster.

CEO  Craig  Barrett  is  expected 
to  open  the  event  Tuesday  with 
a  keynote  address  that  includes 
the  latest  on  the  company’s 
plan  to  bring  64-bit  extensions 
to  Intel’s  x86  chips. 

The  event,  located  in  San 
Francisco,  will  include  16  prod¬ 
uct  announcements  from  Intel, 
ranging  from  high-speed  wire¬ 
less  interconnects  to  updates  to 
the  Xeon  processor  to  technol¬ 
ogy  to  create  digital  homes,  a 
spokesman  says.  More  than  100 
third-party  vendors,  including 
Dell,  HP  and  IBM,  also  will 
make  announcements.  Show 
organizers  expect  about  4,800 
people  to  attend. 

While  the  event  traditionally 
has  been  hardware-focused, 
this  forum  will  include  a  Solu¬ 
tion  Conference  aimed  at  soft¬ 
ware  developers  and  IT  man¬ 
agers  looking  to  see  how  tech¬ 
nology  can  be  applied  to 
address  specific  issues. 

Discussions  will  revolve  around 
technologies  for  vertical  indus¬ 
tries  such  as  radio  frequency 
identification  in  the  retail  mar¬ 
kets  and  mobile  computing  in 
the  healthcare  and  manufactur¬ 
ing  industries,  says  John  Davies, 
vice  president  of  the  sales  and 
marketing  group  and  director  of 
the  solutions  market  develop¬ 
ment  group  at  Intel. 

But most of the news will come out of the Systems Conference. While a spokesman would not confirm or deny reports that Intel was planning to demonstrate 64-bit extension technology for chips using the x86 instruction set, he did say “the subject will be brokered.”

The technology would enable 32-bit processors to run 64-bit applications.

Will  Yamhill 
emerge? 

While  rumors 
have  circulated 
for  some  time 
regarding  an  x86 
64-bit  technology 
within  Intel, 
dubbed  Yamhill,  this  would  be 
the  company’s  first  public 
acknowledgement  that  such 
efforts  are  underway.  In  an 
interview  with  Schwab 
Soundview  Capital  Markets  last 
month,  Intel  President  and 
COO  Paul  Otellini  said  that 
when  the  market  for  x86  64-bit 
extension  technology  arrives 
Intel  “will  be  there.”  But  he  indi¬ 
cated  that  he  didn’t  think  that 
time  had  come. 

Still, analysts say they wouldn’t be surprised to see Intel focus on this area as Advanced Micro Devices (AMD) gains support for its 32-/64-bit Opteron processor.

Wade  Phillips,  technology/IS 
manager  at  Shakopee  School 
District  in  Minnesota,  would 
welcome  some  sort  of  exten¬ 
sion  technology  in  HP’s  x86- 
based  ProLiant  systems,  wheth¬ 
er  that  be  Opteron  or  Intel. 

“I have long been a customer of HP and would like to see them develop and implement a similar type of program that would bridge the gap between the applications that run in my environment today and the applications I will be installing tomorrow,” he says. “It will be very hard for the public and private organizations out there to completely buy into a 64-bit architecture without any backwards compatibility.”

Intel CEO Craig Barrett is expected to talk up the company's 64-bit strategy this week during its Developer Forum.

IBM  and  Sun  al¬ 
ready  have  rolled 
out  Opteron-based 
systems,  and  HP 
says  it  recognizes  a 
demand  among  its 
customers  for 
some  type  of  x86 
extension  technol¬ 
ogy  and  is  assess¬ 
ing  its  options  in 
this  area.  Currently, 
Opteron  is  its  only 
choice. 

“If Intel announces Yamhill, it’s clearly a reaction to AMD,” says Gordon Haff, an analyst with Illuminata. “Opteron has become enough of a threat that Intel appears to have finally decided that it can’t afford to keep sitting back and ceding Xeon share for the benefit of a clean Itanium-standard 64-bit story.”

Analysts  say  that  64-bit  exten¬ 
sion  technology  wouldn’t  nec¬ 
essarily  be  a  detriment  to  Intel’s 
64-bit  Itanium  chip  because  the 
processors  are  geared  for  dif¬ 
ferent  workloads.  Itanium  is 
competing  for  heavier  through¬ 
put  computing  needs  now  han¬ 
dled  by  RISC  chips. 

“I would expect Intel to be very careful about positioning Xeon and any sort of 64-bit extensions in a way that cannot be perceived as a threat to Itanium,” says Charles King, an analyst with The Sageza Group. “It will be interesting, though, to see exactly what’s in the box. AMD has some patented goodies under the hood that only they own and it will be interesting to see what kinds of goodies Intel is planning. Just because they’ll both be hybrid x86 chips doesn’t mean they’ll be the same.”

Other  areas  Intel  will  focus  on 
include  wireless  and  intercon¬ 
nect  technologies.  The  compa¬ 
ny  will  unveil  its  ultrawideband 
architecture,  which  is  part  of 
wireless  USB  and  uses  a  wide 
frequency  to  transmit  data  at 
rates  faster  than  Wi-Fi. The  com¬ 
pany  also  will  lay  out  its  road 
map  for  the  PCI-Express  serial 
I/O  bus  architecture.  And  it  will 
make  its  first  demonstration  of 
“advanced  switching”  technol¬ 
ogy,  the  company  says.  ■ 


Newcomer  boasts  backbone 
storage  switch  with  smarts 

Sandial  device  supports  policies,  service-level  agreements. 


■  BY  DENI  CONNOR 

Start-up  Sandial  Systems  last 
week  debuted  its  first  product,  a 
Fibre  Channel  switch  designed 
to  give  companies  more  control 
over  applications  supported  by 
their  storage-area  networks. 

The  Portsmouth,  N.H.,  compa¬ 
ny’s  Shadow  14000  Storage 
Backbone  Switch  is  scalable 
from  144G  to  288  2Gbit/sec 
Fibre  Channel  ports,  which 
matches  up  well  vs.  other  direc¬ 
tor-level  devices.  But  the  compa¬ 
ny  is  banking  more  on  the  prod¬ 
uct’s  management  capabilities 
to  differentiate  it  from  offerings 
from  Brocade,  Cisco  and  other 
competitors. 

Sandial’s  box,  which  starts  at 
$150,000,  can  be  configured  to 
provision  network  traffic  on  an 
individual  connection  basis  so 
application  performance  is  opti¬ 
mized.  The  company’s  Shadow- 
View  software  is  used  to  set  policies  and  provide 
performance  reports. 

“What  makes  Sandial  different  is  that  they  are 
focusing  on  network  intelligence  and  network  ser¬ 
vice,”  says  Stephanie  Balaouras,  a  senior  analyst  at 
The  Yankee  Group. 

The  network-oriented  nature  of  the  product  isn’t 
surprising  considering  the  backgrounds  of  the 
Sandial  team,  which  includes  a  large  contingent  of 
ex-Cabletron  engineers  and  a  management  group 
whose  past  companies  included  Bay  Networks 
and  Chipcom. 


Sandial's  Shadow  14000  Storage 
Backbone  Switch  enables  compa¬ 
nies  to  modulate  bandwidth 
depending  on  application  needs. 


Rob  Edwards,  network  infra¬ 
structure  manager  for  Idexx 
Laboratories  in  Westbrook,  Maine, 
chose  a  Sandial  switch  for  his  SAN 
because  of  its  network-switch-like 
capabilities. 

“With  my  network  background,  I 
was  looking  for  a  product  that  had 
the  performance  control  I  had  in 
the  network  world,”  he  says. 

“Sandial’s  switch  has  the  abili¬ 
ty  to  guarantee  availability  to 
disk  for  certain  divisions  with 
high  disk  storage  and  applica¬ 
tion  needs,”  Edwards  says.  “The 
bandwidth  aggregation  and 
policing  equates  to  rate  limiting 
and  traffic  shaping  on  a  tradi¬ 
tional  network.” 

Direct  marketing  company 
Harte-Hanks  in  Billerica,  Mass., 
also  is  exploiting  the  manage¬ 
ment  capabilities  of  the  Sandial 
switch. 

“We have service-level agreements with our customers,” says Scott Hopkins, vice president of technology services and planning. “Because of the tools that come with the Sandial switch, we are able to throttle and manage performance of the switch so that every customer’s service level is in consideration.”

Sandial,  which  was  founded  in  August  2000  and 
previously  went  by  the  name  Malachite 
Technologies,  has  $61  million  in  funding  from 
Bessemer  Venture  Partners,  DB  Capital  Partners, 
Oak  Hill  Venture  Partners  and  Prism  Venture 
Partners.  ■ 
FCC  takes  first  step  toward  VoIP  policy

Opens  table  for  discussion  about  federal  regulation;  VoIP  providers  encouraged. 


■  BY  GRANT  GROSS 

WASHINGTON,  D.C.— The  FCC  last  week 
took  the  first  step  toward  laying  down  rules 
governing  VoIP  service  by  approving  a  pro¬ 
ceeding  that  will  solicit  comments  on  how 
the  emerging  competitor  to  traditional 
voice  services  should  be  regulated. 

In  its  notice  of  proposed  rulemaking,  the 
FCC  will  ask  for  comments  on  whether  VoIP 
should  be  regulated  as  a  substitute  for  the 
highly  regulated  traditional  telephone  ser¬ 
vice  and  whether  the  VoIP  service  connects 
to  the  public  switched  telephone  network 
(PSTN),  among  other  issues.  But  the  lang¬ 
uage  in  the  notice,  to  be  published  within 
weeks,  suggests  that  most  Internet  services 
should  continue  to  be  minimally  regulated. 

The rulemaking proceeding was the “curtain going up on a really new era of communications,” FCC Chairman Michael Powell says. “This is perhaps the most important item in communications history.”

VoIP providers cheered the FCC action, saying the proceeding will provide regulatory certainty to providers and customers. Even though the FCC made no regulatory decisions on most forms of VoIP, VoIP service provider Vonage welcomed the FCC rulemaking as a step toward creating a national policy on VoIP regulation, as opposed to 50 individual policies from state public utility commissions.

The  rulemaking  proceeding  is  expected 
to  take  several  months,  but  commissioners 
declared  one  VoIP  offering,  the  Free  World 
Dialup  service  offered  by  Pulver.com, 
exempt  from  most  telecom  regulations. 
Free  World  Dialup,  a  free  service,  lets  mem¬ 
bers  talk  to  each  other  through  software 
installed  on  their  computers.  The  service 
does  not  let  members  place  voice  calls  to 
non-members. 

Other  forms  of  VoIP  will  be  addressed  in 
the  rulemaking  proceeding.  Other  forms  of 
VoIP  include  voice  calls  that  start  as  VoIP 
but  end  up  on  the  PSTN  —  for  example, 
when  a  Vonage  customer  dials  a  customer 
of  a  traditional  phone  service.  Some  major 
telephone  carriers  also  offer  a  third  type  of 
VoIP  —  using  an  IP  network  to  handle  tra¬ 
ditional  phone  traffic,  with  customers 
never  knowing  that  their  phone  call  was 
routed  to  the  Internet. 

Commissioner Michael Copps questioned the Pulver.com decision, saying the commission was ruling before it worked out many of the regulatory questions on VoIP that will be addressed in the rulemaking proceeding. The FBI and Department of Justice have raised concerns about their ability to wiretap some VoIP calls without a wiretapping policy in place before the FCC ruled on Pulver.com’s petition, he notes.


“This is perhaps the most important item in communications history.”

Michael Powell, Chairman, FCC

But Pulver’s service is an Internet-based service, like e-mail, and not a for-profit telecom service, Powell says. The FCC will address concerns with law enforcement agencies to listen to VoIP calls, Powell adds.

Jeff Pulver, CEO of Pulver.com, celebrated the FCC decision. “The FCC has sent a strong signal to consumers and capital markets that the FCC is not interested in subjecting end-to-end IP communications services to traditional voice telecom regulation,” he said in a statement.

The rulemaking proceeding might deal with more Internet services than VoIP — the language includes other undefined “IP-enabled services” — although the major debate likely will be about VoIP. Petitions from Vonage and AT&T have asked the FCC to define VoIP regulation, and companies such as AT&T and MCI are starting to convert some of their voice traffic to VoIP.

“We need to start asking the questions,” says Commissioner Kathleen Abernathy. “While it is premature to say precisely what this [regulatory] framework will look like, there is no question that the time is right for the commission to build a record.”

VoIP service raises questions about several regulations traditionally applied to telecom service, including call-termination access fees exchanged between carriers, the availability of 911 service and law enforcement wiretapping rules. The FCC will address the wiretapping issue, part of the Communications Assistance for Law Enforcement Act law, in a second rulemaking proceeding, and the FCC will host a summit on 911 service March 18.

The  FCC  also  needs  to  pay  attention  to 
how  VoIP  affects  federal  universal  service 
funds,  which  are  used  to  bring  telecom  ser¬ 
vice  to  rural  and  poor  areas,  Copps  says. 
“[IP  services]  sizzle  with  possibility  for  con¬ 
sumers  and  businesses  alike,”  he  says.  “IP 
applications  will  only  revolutionize  com¬ 
munications  if  everyone  has  access  to 
really  high  capacity  bandwidth.” 

Gross is a correspondent with the IDG News Service’s Washington, D.C., bureau.
Software keeps an eye on data leaving networks

Data tracker

Reconnex’s G2 Content Analyzer lets users define the content they want to track as it crosses corporate networks. Captured data is archived under a code name for later retrieval.


■  BY  TIM  GREENE 

Reconnex  this  week  is  launch¬ 
ing  its  first  product,  a  LAN  appli¬ 
ance  that  tracks  sensitive  data  as 
it  moves  around  corporate  net¬ 
works  and  warns  security  staff 
when  that  data  appears  to  have 
been  compromised. 

Called  G2  Content  Analyzer, 
the  device  hangs  off  monitoring 
ports  on  routers  and  switches 
searching  for  customer-desig¬ 
nated  data  and  logging  any  traf¬ 
fic  containing  that  data.  The 
device  can  filter  traffic  based  on 
parameters  including  protocol, 
source  and  destination  IP  address 
and  key  words  customers  define. 

Watching  out 

Software on the device reports where monitored traffic comes from, where it is going, and when and whether it is encrypted. It can trigger alarms to warn security staff that corporate policy about data privacy might have been violated, such as when sensitive data leaves the building over WAN connections.

The G2 is designed to protect against employees who try to read or steal data and those who inadvertently put it in jeopardy, says Reconnex CEO Donald Massaro.

New government regulations require companies to track when certain data leaves their networks, says Paul Hooper, CIO of Extreme Networks, which is beta-testing the G2 analyzer for internal use. Firewalls and anti-virus software address external threats, but “you need to protect outbound as well as inbound,” he says.

Other vendors making similar gear include fellow start-ups Vericept and Oakley Technologies, says Eric Ogren, an analyst with The Yankee Group. The Reconnex gear can be installed with little disruption, he says. “They do this passively without having to reconfigure network equipment or adding to desktop software,” he says.

Sounding  alarms 

Because  G2  analyzer  is  not  in 
the  data  stream  it  cannot  block 
traffic.  “But  they  can  send  alarms 
and  get  all  the  powers  that  be 
scurrying  about,”  Ogren  says. 
Alliances  with  router  and  firewall 
vendors  are  planned  so  G2 
alarms  automatically  can  trigger 
other  devices  to  shut  down  ses¬ 
sions  that  might  be  leaking  pri¬ 
vate  data,  Massaro  says. 

Deciding  what  types  of  data 
should  be  watched  can  be  daunt¬ 
ing  for  a  business,  Massaro  says, 
and  should  be  delegated  to  indi¬ 
vidual  departments  to  define.  De¬ 
partments  then  write  policies  re¬ 
garding  how  that  data  is  ac¬ 
cessed,  and  the  G2  appliance 
enforces  them. 

Reconnex consultants can configure the G2 or the user’s staff can do it by filling out a form.

The analyzing device logs the traffic it filters so companies have a record for regulatory requirements or to provide legal evidence of wrongdoing. The device has 1.5T bytes of storage, and users have to wade through captured data to determine whether it represents a security breach.

The device can capture encrypted traffic, but not decrypt it. It also can detect steganography, which is the embedding of messages in images within images. The G2 analyzer can be set to note the movement of such traffic, flagging it as possibly suspicious.

Reconnex  offers  a  30-day  evalu¬ 
ation  service  during  which  it  sets 
up  its  G2  analyzer  and  reports  on 
what  it  finds  out  about  sensitive 
traffic.  The  evaluation  costs 
$10,000  per  device  deployed. 

A  Reconnex  appliance  costs 
$40,000,  but  with  applications 
customers  typically  want,  the 
actual  price  is  closer  to  $60,000, 
according  to  Massaro.  ■ 
Strategy shift

Juniper has rethought its position of not selling into enterprise networks.

JANUARY 2002

“Service providers are saying, ‘I don't want my vendors selling to my customers, I want them selling to me.’ We've heard them loud and clear. We will not compete with our customers.”

Scott Kriens

Chairman and CEO, Juniper Networks

FEBRUARY 2004

“The distinction is not campus vs. carriers. . . . it's better defined by the requirement for mission-critical networks [where] the problems are important, complex and rapidly changing.”

Juniper 

continued  from  page  1 

NetScreen, with revenue of $223 million for the past four quarters and 900 employees, is considered one of the top IPSec VPN vendors. NetScreen also became an instant leader in Secure Socket Layer (SSL) VPNs with last fall’s $265 million acquisition of start-up Neoteris.

“This could be an interesting turning point in the market,” says Jeff Hurst, a general partner at Commonwealth Capital, a venture capital firm. “The big players in network infrastructure, especially those focused on the enterprise, have got to have stronger security stories. Cisco, 3Com, Nokia. . . . They’ll all have to counter this move.”

Juniper says the need for better network security is “urgent” and “immediate” among carriers and enterprise customers, which is why the market for systems such as NetScreen’s is expected to grow by 50% over the next three years — from $3 billion last year to $4.5 billion in 2006, according to Infonetics.

About  80%  of  NetScreen’s  rev¬ 
enue  comes  from  enterprise  cus¬ 
tomers.  Meanwhile,  virtually  all  of 
Juniper’s  comes  from  service 
providers. 

Though  Juniper  has  had  expo¬ 
sure  to  enterprise  customers  in 
the  government,  defense,  finan¬ 
cial  and  educational  research 
markets  —  most  recently  winning 
a  contract  with  the  Defense  Infor¬ 
mation  Systems  Agency  —  the 
NetScreen  deal  is  affirmation  that 
Juniper  plans  to  focus  more  in¬ 
tently  on  this  market.  Acquiring 
NetScreen  means  Juniper  now 
can  address  a  $10  billion  market 
for  router  and  security  products, 
vs.  a  $5  billion  market  for  routers 
alone,  says  Juniper  CEO  Scott 
Kriens. 

But  it’s  also  a  drastic  reversal  of 
a  vow  Juniper  made  not  to  com¬ 
pete  with  its  service  provider  cus¬ 
tomers  by  selling  gear  into  corpo¬ 
rations,  a  business  model  adopt¬ 
ed  by  Cisco  that  Juniper  had  re¬ 
sisted  emulating. 

“It looks like this is Juniper’s way into the enterprise,” says Frank Dzubeck, president of consultancy Communications Network Architects. “You can’t build an enterprise sales organization from scratch if you’re a major company. [The deal] is an investment in a sales force, and it’s a good one because you’re getting revenues while you bring your own products into that channel.”


In  discussing  the  deal  last  week, 
Kriens  insisted  that  the  distinc¬ 
tion  between  the  enterprise  and 
carrier  markets  was  “blurring”  or 
outdated. 

“The distinction is not campus vs. carriers,” Kriens said. “That’s the old way of looking at the problem. [The market is] not physical — it’s virtual. It’s better defined by the requirement for mission-critical networks [where] the problems are important, complex and rapidly changing.”

The  explanation  didn’t  fully  sat¬ 
isfy  everyone. 

“There certainly are some noncarrier accounts that will buy carrier-class routers, but that is an exception, not the rule,” Infonetics’ Mitchell says. “NetScreen is more than just Fortune 100 accounts; there are millions of [small and midsize businesses] in North America and the world.”

Some  observers  say  Juniper  can 
no  longer  ignore  the  enterprise 
market  if  it  wants  to  maintain  its 
position  as  a  leading  equipment 
supplier. 

“The core networking leaders need to have both carrier and enterprise products to remain at the very top tier of the network equipment space,” says Jim Breyer, managing partner for Accel Partners. “Start-ups are able to focus on one or the other, but you can’t get away with that at the very top tier.”

NetScreen brings with it enterprise and small and midsize business channels to sell Juniper’s lower-end M5, M7i, M10 and M10i routers that are designed to replace the Cisco 7200/7500 series, Mitchell says.

He also suspects Juniper eventually will unveil small remote office/branch office routers with integrated security.

But others aren’t so bullish on the Juniper/NetScreen union. Jon Oltsik, senior analyst for information security at the Enterprise Strategy Group, says the heavy carrier/enterprise exposure of the respective companies makes the marriage a mismatch.

“With  well-established  market 
leaders  in  each  space,  this  dual 
account  base  will  not  help  either 
Juniper  or  NetScreen  penetrate 
the  other’s  market  to  any  great  ex¬ 
tent,”  Oltsik  says. 

NetScreen’s security portfolio of firewalls and VPNs is incomplete, he says. A more comprehensive offering includes gateway appliances; authentication, authorization and accounting servers; and “internal” security, Oltsik says.

Juniper would have been better off to acquire smaller companies and gradually build out its security portfolio, he argues.

“This would have left assets for other acquisitions and provided Juniper an opportunity to get security-smart, transition its sales focus and integrate security into its products in a much more pragmatic way,” Oltsik says.

Dzubeck  says  the  NetScreen 
gear  could  serve  as  separate 
stand-alone  “intelligent  security 
analysis”  engines  on  behalf  of 
Juniper’s  service-oriented  Uni¬ 
sphere  edge  routers. 

For  now,  though,  operational 
integration  is  under  way.  Net- 
Screen  will  form  the  Security 
Products  Group  within  Juniper. 

The  acquisition  is  expected  to 
close  in  the  second  quarter. 

Executive  Editor  Bob  Brown  and 
Senior  Editor  Tim  Greene  con¬ 
tributed  to  this  story. 

Get  more  information  online. 
DocFinder:  9742 
www.nwfusion.com


Cisco  teams  with  IBM  on 
infrastructure  security 


■  BY  PHIL  HOCHMUTH 

A  collaboration  between  Cisco  and  IBM  on  secu¬ 
rity  could  make  it  easier  for  customers  to  authenti¬ 
cate  IBM-based  laptop  and  PC  clients  on  Cisco- 
based  LAN  and  remote-access  infrastructures. 

The  joint  Cisco/IBM  effort,  announced  last  week, 
will  integrate  security  management  products  such 
as  IBM  Tivoli's  Identity  Manager  with  Cisco’s  Access 
Control  Server  (ACS)  and  make  IBM  laptops  with 
embedded  security  chips  work  more  seamlessly 
with  Cisco  VPN  gear.  Cisco  says  this  integration 
could  let  security  managers  set  up  and  manage  end 
users  more  securely  while  reducing  configuration 
hassles. 

Starting  in  March,  Cisco’s  ACS  —  a  RADIUS-based 
authentication  server  —  will  be  able  to  share  end- 
user  account  data  with  IBM  Tivoli  Identity  Manager, 
a  platform  for  user  account  auditing, policy  creation 
and  single  sign-on.  This  could  let  customers  more 
easily  synchronize  user  security  policies  and  data 
across  Cisco’s  and  IBM’s  respective  hardware  and 
software  security  platforms.  (This  could  include 
Cisco  routers,  switches  and  VPN  gear  managed  by 
ACS,  and  software  applications  tied  to  the  IBM  Tivoli 
software.) 

IBM  joins  anti-virus  vendors  Network  Associates, 
Symantec  and  Trend  Micro  as  part  of  the  Cisco  Net¬ 
work  Admission  Control  (NAC)  program,  an¬ 
nounced  last  November.  NAC  attempts  to  tie  anti¬ 
virus  software  with  Cisco  hardware  to  automatically 
shut  out  unauthorized  or  virus-infected  users  from  a 
Cisco-based  LAN  or  WAN. 

“[NAC] is a very exciting technology,” says Edward Gotthelf, director of network architecture of United Parcel Service in Mahwah, N.J. He adds that updating and managing end users’ security credentials is critical in defending against worms and viruses. “But it’s got to be done in an automated fashion. To manage all that from a human perspective is impossible” in a large organization such as UPS, he says.

Gotthelf  says  he  likes  Cisco’s  plan  to  build  access 
control  into  switches  and  routers  in  conjunction 
with  security  partner  software.  “Building  [security 
management]  right  into  the  network  seems  to  make 
sense,”  he  says. 

UPS uses Cisco network hardware and IBM Tivoli Identity Manager software. Gotthelf says the Atlanta company also will investigate ways to use those technologies together down the road.

Cisco also is integrating its VPN technology with IBM’s ThinkVantage security subsystems, embedded in IBM ThinkPad laptops and ThinkCentre desktops. Cisco says this could let companies with Cisco-based VPNs and widely deployed ThinkPads manage remote access better while lessening the burden of installing and configuring client hardware and software.

ThinkVantage allows for a consolidated client security configuration, with single sign-on, and data encryption and encryption key management. The Cisco/IBM collaboration will let Cisco VPN equipment recognize ThinkVantage clients and allow access to a Cisco VPN with less endpoint configuration, according to the companies. Cisco’s Security Agent is a piece of software used to control network access in its NAC architecture. ■
top,” “Avoid conflicts of interest,” and “Set metrics and report results accurately.”

Communicating the company’s message of integrity and educating employees on how to avoid misconduct is an ongoing effort for Higgins, who previously oversaw ethics at Lockheed Martin and Boeing. “We can’t deal with any of the problems we don’t know about. We want to create an environment where people will feel comfortable reporting [questionable ethics],” she says.

This notion is one of the first subjects I am presented with as I start the carrier’s training course. I like being told that I can contact MCI’s ethics office “without fear of retaliation,” though being informed that the office would make “every effort” to keep my identity confidential doesn’t exactly give me the warm fuzzies.

Higgins says there are certain actions over which MCI doesn’t have control. For instance, if the misconduct I report results in legal prosecution, MCI couldn’t prevent certain information from being revealed if the company was subpoenaed.

One  way  MCI  addresses  such  concerns  is 
through  an  anonymous  toll-free  number 
where  employees  can  seek  additional  clari¬ 
ty  on  any  topic  covered  in  the  training  or 
report  suspected  unethical  practices.  MCI 
says  it  logged  more  than  400  calls  into  this 
system  in  November,  a  tenfold  jump  from 
July,  before  the  training  program  went  into 
effect. 

Another  message  stressed  in  MCI’s  training 
program  is  that  employees  are  expected  to 
go  beyond  the  “morality  of  duty?’  which  is 
minimum  by  law. 

Malden  Mills,  the  maker  of  Polartec  cloth¬ 
ing  and  no  stranger  to  bankruptcy  court,  is 
presented  as  a  prime  example  of  a  compa¬ 
ny  that  went  beyond  the  call  of  duty  for  its 
employees.  In  the  wake  of  a  devastating  fire 
in  1995,  the  Lawrence,  Mass.,  company  kept 
all  3,000  of  its  employees  on  the  payroll  as  it 
rebuilt  its  facilities. 

While  Malden  Mills’  effort  was  clearly  a 
good  corporate  deed,  I  can’t  help  but  won¬ 
der  how  the  example  might  make  MCI 
employees  feel  about  their  company  Those 
who  have  stayed  with  MCI  through  the 
bankruptcy  process  have  seen  22,000  col¬ 
leagues  let  go,  and  another  1,700  are  on  the 
chopping  block  this  year 
(www.nwfusion.com,  DocFinder:  9738).  Not 
exactly  a  feel-good  story 
Though  what  does  feel  good  is  getting 
through  the  fifth  and  final  module  of  the 
course,  where  I’m  faced  with  a  certification 
statement.  Here  I  have  the  opportunity  to 
verify  that  1  am  focused  on  building  integrity 
at  MCI  and  will  abide  by  the  company’s 
code  of  ethics  and  business  conduct.  I  seize 
the  opportunity  and  click  “submit.” 

After  all,  like  any  good  business  journal- 

Get  more  information  online.  'st’  *  ^ave  no  problem  with 
DocFinder:  9741  trying  to  keep  companies 

www.nwfusion.com  honest.  ■ 


Cisco  strengthens  WLAN  security 


Ethics 

continued  from  page  1 

October as its first chief ethics officer. “Employees are really happy to see the company spending the time [on ethics training].”

MCI, which is widely expected to emerge from Chapter 11 bankruptcy protection by April, has gone beyond ethics requirements placed upon it by the bankruptcy court and Securities and Exchange Commission. The carrier only had to put about 1,200 executive and financial employees through ethics training, but Chairman and CEO Michael Capellas insisted upon training the whole company. The training requires employees to think through a set of theoretical ethical dilemmas ranging from basic to extreme (Are you justified if you kill an attacker in order to defend your family?).

While it’s too soon to say whether the program will bring about cultural change at MCI or wind up as an elaborate public relations exercise, the carrier appears to be taking its opportunity for a second chance seriously.

For example, MCI chose not to assemble its ethics program with any fly-by-night outfit, but rather with New York University School of Continuing and Professional Studies’ Corporate Learning Services. The program took nine months to develop, though the carrier had to hustle to get it in front of employees last fall after the General Services Administration (GSA) banned MCI from bidding on new government contracts because of questions it had regarding the company’s ethics and corporate governance programs. (The GSA has since lifted the restriction.) MCI put 20,000 employees through the program one week and another 20,000 the next, straining the Web servers hosted by the university.

At MCI headquarters, where about 5,000 employees work, the company’s fresh focus on ethics is hard to miss, from the “What would Julie do?” T-shirts to banners and posters down hallways and in conference rooms that remind employees that “Our code is the standard, you make the difference” and “Do the right thing, because it’s the right thing to do.”

The latter message could also be called Capellas’ mantra. Not only has he repeated it in speeches and at press conferences, but it’s in much of MCI’s printed employee material, such as its 23-page code of ethics and business conduct.

“Do the right thing” is also one of the company’s 10 guiding principles, which are affixed to badges that employees wear around their necks along with their security tags. Also on the list is “Set the tone at the

■ BY JOHN COX

Cisco last week submitted a protocol to the IETF that could serve as an alternative to the proprietary scheme that the company promotes for securing wireless LANs.

The protocol, which Cisco is submitting for consideration as an Internet standard, addresses a security weakness in Cisco’s Lightweight Extensible Authentication Protocol (LEAP). The protocol, which creates an encrypted connection without the use of complex security mechanisms, is scheduled to be released next month in software upgrades for Cisco’s WLAN adapter cards and its Secure Access Control Server product.

The protocol is called Extensible Authentication Protocol Flexible Authentication via Secure Tunneling (EAP FAST). All EAP types, as they’re known, are designed to work as part of the IEEE 802.1x authentication framework, which is finding its initial adoption in WLANs.

Cisco still recommends LEAP for wireless networks that don’t need higher levels of security.

Last summer, Cisco acknowledged that an attacker could break into LEAP with a dictionary attack, which uses a protocol sniffer to capture part of a LEAP authentication session and then tries to guess the session password with a database of commonly used and easily remembered character sets.

At first, Cisco recommended that customers either use hard-to-guess passwords or use another authentication type, such as Protected EAP (PEAP). Jointly developed by Cisco, Microsoft and RSA Security, PEAP sets up an encrypted connection or tunnel, where every bit of data is scrambled. But these other EAP types require the use of a complex digital certificate infrastructure to set up a secure tunnel between two ends of a network connection. ■

Users tap network-monitoring technology


■ BY PHIL HOCHMUTH

A little-known standard for real-time network monitoring is proving to be a valuable tool for some users of high-speed networks.

Although the IETF’s sFlow draft standard has been available for years, few vendors have implemented it. But as network traffic speeds grow to gigabit and 10G in some corporations, sFlow will become a more important technology for tracking network performance and providing network security, experts and users say.

■ Dell this week refreshed its storage-area network products with the introduction of three storage subsystems that are faster and have higher storage capacities than previous arrays. The CX300, CX500 and CX700 have almost three-and-a-half times more bandwidth and twice the storage capacity, scaling to more than 58T bytes. A CX300 configured with five 73G-byte drives, Navisphere management software, installation and three years of service starts at $23,860. All three are available now.

■ The German Federal Finance Office has implemented what IBM is calling one of the largest Linux-based mainframe deployments in Europe. The Berlin authority has replaced more than 30 smaller servers with one mainframe computer, IBM's eServer z990, running the open source Linux system, IBM said last week. The Linux deployment is part of an agreement Big Blue struck in 2002 with the German Federal Ministry of the Interior to supply computers with Linux at a discount to federal, state and local governments, and other public authorities. The office is the largest of five federal authorities under the control of the German Ministry of Finance. Its computer center is responsible for operating the Internet and intranet applications of Germany's entire federal finance administration, providing service to more than 120,000 users.

HOW IT WORKS

Going with the sFlow

The monitoring technology runs samples of LAN traffic through an algorithm to give users a detailed look at network performance without mirroring every switch port.

1. Switches with sFlow agents take random samples of traffic from all ports on the switch.

2. Sample data is sent to an sFlow collection server, where sFlow samples from the network are calculated.

3. Management workstations can tap the sFlow server to view an overall picture.
SFlow, which the IETF approved as a draft standard in 2001, is a technology that uses random sampling of LAN and WAN data packet flows across an entire network to give users a detailed, real-time view of network traffic performance, trends and problems, according to Foundry Networks and HP. Both offer sFlow-based switches.

Typically, network monitoring is accomplished by putting a network probe device — such as a PC running probe software or an appliance — onto a segment of a network to collect data. The probe is often plugged into a mirrored port on a LAN switch — a port configured to duplicate traffic from another port on the switch. The probe will be able to collect traffic data only from the mirrored port.

SFlow is deployed through network management information bases (MIB) — either hardware-based or software-based agents — running on the actual switches and routers in a network. This allows for a broader picture of network performance, sFlow backers say; monitoring happens on every port of every sFlow-enabled switch, rather than on just the port or segment a probe is attached to. Proponents of sFlow say the technology allows for more widespread network monitoring because mirroring every port would be burdensome for both network staff and LAN bandwidth — half a switch would have to be dedicated to port mirroring to achieve this.

Instead of capturing and logging every packet on a switch or router port, sFlow MIBs take random samples of packets

See SFlow, page 18


Start-up  offers  videoconferencing  options 


■ BY JASON MESERVE

Codian, a U.K. start-up, is joining the videoconferencing network fray with a multipoint control unit for letting users connect multiple H.323-based audio and video endpoints in one call. The product is scheduled to make its public debut next week at the Video Conference Summit in New York.

A key feature of the Codian 4200 is the ability for each video participant to choose one of 35 different “continuous presence” layouts for viewing other participants. MCUs from competing vendors only allow for one view for all participants. Other features include Web-based scheduling, the ability for a user to call in by phone and have the MCU make a video call back to their associated video endpoint, and streaming of conference calls to view-only participants using QuickTime or RealNetworks.

With the Codian 4200 MCU, users have 35 “continuous presence” layout options to choose from for videoconferencing.

Codian uses C64 digital signal processors from Texas Instruments with proprietary audio/video codecs and protocols to power its MCU. It is housed in a 1U-high chassis with two Gigabit Ethernet ports and runs the NetBSD operating system, says David Halloway, Codian’s CEO. The company offers three versions that can service 20, 40 or 100 simultaneous participants. A built-in Compact Flash slot can be used for upgrading the MCU’s firmware or uploading system configurations.

There are not many players in the MCU market, but those that are include well-entrenched videoconferencing veterans such as Polycom, Radvision and Tandberg. All three vendors have support for the newer H.264 video compression standard, which offers the same quality as its H.263 predecessor at half the bandwidth. But Codian initially is supporting only H.263.

“They do have a nice advantage using the newer [Texas Instruments] digital signal processors and seem to have plenty of headroom to grow in features and capability,” says Andrew Davis, principal analyst at Wainhouse Research. Davis says Codian could be challenged by the fact it only sells one product, where its competitors have complete lines of products including MCUs, video endpoints and management software.

Codian is set to begin shipping its product Feb. 23, with the 20-user model priced at $29,000. ■

A new router in your future?

Sitting where they do, at the low-speed edge of the network, WAN access routers don’t attract nearly as much attention as their flashy high-density Gigabit brethren at the core. Yet the sheer volume of access routers deployed at most companies qualifies them for close scrutiny. Deploying the wrong access router to dozens or hundreds of locations can be a costly mistake.

While Cisco holds a leadership position in the network marketplace, it has a stranglehold on access routers. You can count more than a dozen firms that claim to compete with Cisco in the enterprise switching space, but you’ll find only a handful that are taking on Cisco in WAN access.

Of course, given the size of the market and the relative lack of competition, that is incentive enough for some companies to enter the market. In just the past 18 months or so, for example, companies such as 3Com, Adtran, Enterasys Networks, Tasman and Vina (now Larscom) have marched through our labs to prove they’re bona fide competitors in this space.

In general, vendors vying for a piece of Cisco’s turf focus on several compelling points. Why Brand X? “Well, we are faster and less expensive than Cisco, we have greater functionality and we’ll work with your existing Cisco network.”

While these statements can apply to both LAN and WAN infrastructure vendors, there are key differences that present unique challenges to WAN access gear vendors.

For starters, the traditional “faster” argument doesn’t apply the same way. Given that the T-1/E-1 WAN link (1.544M bit/sec or 2.048M bit/sec) is the gating factor, it is likely that every WAN router on earth is “fast enough” by this measure.

Thus, router vendors have taken to other methods to show the “power” of the platform. Much of our recent testing, for example, has focused on benchmarking the local Fast Ethernet routing performance of the access router.

This is not to imply that the average branch office needs wire-speed routing on its access router, but rather to illustrate the system has sufficient processing power and memory to provide a “future proof” platform — and thus becomes a good investment.

Cisco, for example, doesn’t even offer twin Fast Ethernet ports on its 1751. In 10M bit/sec tests, it delivers just under 30,000 packet/sec where some of the competition on Fast Ethernet tests reach close to 70,000 pps.

Interoperability, an issue on the LAN, is a bigger issue on the WAN. While on the LAN there is little direct interaction between Cisco and competing routers, serially connected WAN routers are tightly coupled in that each has to hold up its end of the chosen link protocol — PPP, High-Level Data Link Control or frame relay. Interest in this has prompted some vendors to have us conduct in-depth interoperability tests.

Competing vendors say Cisco offers an overpriced and underpowered platform that will require expensive (economically and logistically) upgrades — in effect forcing you to put a new router in place. The competition adds that their platform offers not only short-term but also long-term value by providing a future-proof platform.

I’d like to know what you think. Do you worry about having a future-proof WAN router? Do you have confidence that a non-Cisco router can be integrated into your network? What are your biggest access concerns?

Send me your thoughts on the subject. We’ll get them on Fusion, and I’ll try to distill them in a future column.

Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Boca Raton, Fla. He can be reached at ktolly@tolly.com.


Copan  spins  disks  on  demand 


PROFILE: COPAN SYSTEMS

Location: Longmont, Colo.

Product name: Code-name Wolf

Product type: Massive tertiary storage array

Ship date: April 2004

Founders and backgrounds: Eric Sumpter, COO, RLX, Dell; Aloke Guha, CTO, Datavail; Will Layton, vice president of business development, OpenTable; Chris Santilli, chief architect, Digital Equipment.

Funding: $14 million

Funding source: Austin Ventures, Globespan Capital

Fun fact: Programmers named the company's products after types of cats; marketing named products after types of dogs; the company's current product is code-named after the Wolfhound.

■ BY DENI CONNOR

Start-up Copan Systems is putting a new spin on tape backup — the company is set to introduce a disk-based library it says is as inexpensive as tape but has none of the disadvantages.

Copan’s system is derived from a technology proposed by a team of researchers at the University of Colorado called Massive Arrays of Idle Disks (MAID). MAID uses the physics of tape — like tape, it only powers up and spins disks when the information on those disks is needed. Copan says that only powering and spinning disks when necessary lets it reduce the number of I/O connections, memory and controllers, and thus strip out much of the cost of disk-based back-up systems.

“Two things happen when I have to spin disks: One, I have a much higher power consumption, and it ultimately costs me more to run,” says Sunny Vanderbeck, CEO of managed hosting firm Data Return, who is familiar with Copan’s technology. “Two, the life of an individual drive that runs all the time will be lower, which means I have to maintain it more. Now I’m back to where I started with tape — I have to maintain the thing all the time.”

Unlike tape, which has unwieldy data-recovery times, Copan’s as-yet-unnamed system uses inexpensive Serial Advanced Technology Attachment disks. The Copan system uses an algorithm to determine which disks should be spun and when. Copan says it takes about 10 seconds to reactivate a disk, which is much faster than retrieving data from tape.

“Operationally backing up to tape vs. disk is a shocking difference,” Vanderbeck says. “We have a pretty large environment to run with a few thousand servers, which all have to be backed up. By moving to disk I am able to [restore data] at wire speeds.”

Analysts also see some benefit in Copan’s design.

“Storage systems that provide the benefits of tape but not the hassles could be appealing to a lot of customers,” says Jamie Gruener, a senior analyst at The Yankee Group. “The challenge remains proving out the cost comparison that suggests these systems are as inexpensive as tape.”

Copan says the cost of its subsystem will be 75 cents to $3.50 per gigabyte. It will come configured in capacities of as much as 200T bytes. Disk-based systems cost about $10 per gigabyte.

Copan’s competitors, Asaca and Exavio, focus on storing DVD or broadcast-quality streaming media, but not on back-up technology.

Enterprise Storage Group says that although disk will never replace tape, two years from now 53% of all data will be backed up to disk instead of tape. ■


SFlow

continued from page 17

traveling through ports. These samples, called sFlow datagrams, are forwarded to an sFlow collection server on a network. On this box, the datagrams are run through an algorithm that generates a complete model of network traffic based on the sampled data.
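As an added illustration (not from the article or from any sFlow product), the Python sketch below shows the collector-side scale-up that the paragraph above describes: each sampled packet is multiplied by the sampling rate to estimate per-protocol totals. The 1-in-256 rate, the constructed traffic mix and all function names are assumptions; the error figure is the standard 95% approximation for packet sampling, 196 × sqrt(1/c) percent for c samples in a class.

```python
import math
import random
from collections import defaultdict

SAMPLING_RATE = 256  # assumed agent setting: on average 1 packet in 256 is sampled


def make_traffic(n_packets, seed=1):
    """Constructed traffic for one switch port: (protocol label, frame bytes)."""
    rng = random.Random(seed)
    # (label, share of packets, frame size in bytes) -- all values are made up
    mix = [("tcp/80", 0.60, 900), ("tcp/25", 0.25, 600),
           ("udp/53", 0.14, 120), ("tcp/6667", 0.01, 200)]
    labels = [m[0] for m in mix]
    weights = [m[1] for m in mix]
    size = {m[0]: m[2] for m in mix}
    return [(lab, size[lab]) for lab in rng.choices(labels, weights, k=n_packets)]


def agent_sample(packets, rate, seed=2):
    """Switch-side agent (simplified): keep each packet with probability 1/rate."""
    rng = random.Random(seed)
    return [p for p in packets if rng.random() < 1.0 / rate]


def collector_estimate(samples, rate):
    """Collector side: scale the samples up to per-protocol totals.

    Returns {label: (est_packets, est_bytes, pct_error)}, where pct_error
    is the approximate 95% confidence bound for a class with c samples.
    """
    count = defaultdict(int)
    octets = defaultdict(int)
    for label, frame_bytes in samples:
        count[label] += 1
        octets[label] += frame_bytes
    result = {}
    for label, c in count.items():
        pct_error = 196.0 * math.sqrt(1.0 / c)
        result[label] = (c * rate, octets[label] * rate, pct_error)
    return result


def report(n_packets=200_000, rate=SAMPLING_RATE):
    """Compare the true per-protocol packet counts with the collector's estimate."""
    packets = make_traffic(n_packets)
    samples = agent_sample(packets, rate)
    est = collector_estimate(samples, rate)
    true_counts = defaultdict(int)
    for label, _ in packets:
        true_counts[label] += 1
    rows = []
    for label, (pk, _by, err) in sorted(est.items(), key=lambda kv: -kv[1][0]):
        rows.append((label, true_counts[label], pk, round(err, 1)))
    return rows


if __name__ == "__main__":
    for label, actual, estimated, err in report():
        print(f"{label:10s} actual={actual:7d} estimated={estimated:7d} +/-{err}%")
```

Rare traffic such as the constructed tcp/6667 class draws only a handful of samples, so its estimate carries a wide error bar; low-sample classes are better read as evidence that the traffic exists than as a measurement of its volume.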

The technology behind sFlow was developed jointly by engineers at InMon, a maker of switch-monitoring software, and developers at HP and Foundry Networks. Vendors that incorporate sFlow technology in their LAN switches include HP, Foundry and Extreme Networks. Software support for sFlow is included in products such as HP OpenView, NetScout’s nGenius Performance Manager and InMon Traffic Server.

At The Moffit Cancer Center in Tampa, Fla., Foundry switches with sFlow are used to measure network performance and as a security tool.

“SFlow gives us real-time [network] statistics,” on every port in the network, says David Bratt, senior technical architect at the center.

“The level of detail on traffic patterns is excellent, right down to the protocol and port level,” Bratt says. “If you have someone doing something wrong on the network, you can track them down right to where their PC is plugged in,” he says.

Vince Rooney, IT manager of Kingdon Capital Management, a small New York-based hedge fund that runs a large network with 15 Foundry BigIron 15000 switches, also plans to use sFlow.

“We have a lot of real-time data going through our network,” Rooney says. This traffic consists mostly of trade executions that average about $10 million per trade. He says that he expects sFlow to give him a better overview of network performance.

“Right now, I use a Web-based console on the switches,” he says. “Being able to look at more packets and protocol-specific information will be more advantageous to me. It will let me get a little more detail than I would normally.”

In addition to providing real-time snapshots of network performance, sFlow can be used as a network security tool, some experts say.

An example is in the detection of unauthorized network devices acting as network address translation (NAT) boxes. This could include a commodity NAT-enabled wireless router, says Peter Phaal, an author of the sFlow draft standard and an engineer at InMon. While NAT devices attached to a network might appear as legitimate end nodes, these could serve as backdoors, allowing access to unauthorized connections, from wired or wireless users.

Because sFlow samples traffic from every port in a network, sFlow data analyzers can identify nodes that are acting as NAT devices on a network by comparing subnet data among switches and NAT devices. ■




■ The Mozilla Foundation last week released a new version of its open source Web browser with improvements to its download manager, extension and bookmark handling. With its new name, Firefox, it is aimed at skirting trademark complaints with the Firebird open source database project. Firefox improves on its predecessor with a new download manager aimed at tracking multiple downloads, easier bookmark handling, a new installer for Windows users and improved handling of extensions, Mozilla said. Mozilla members have created more than 200 extensions or small software applications that can be downloaded to increase the browser's features, including an ad banner remover and a spell-checker.

The group also released a preview of its Mozilla Thunderbird e-mail application. Thunderbird 0.5 can synchronize address books with devices from Palm, secure password authentication for Simple Mail Transfer Protocol and POP3 mail clients and includes an upgraded spell-checker and dictionary. Mozilla Firefox 0.8 and Thunderbird 0.5 are available for free at www.mozilla.org.

■ Patch management vendor St. Bernard Software has launched a free opt-in e-mail service to alert users to the latest Microsoft security patches and critical updates. Users do not have to be customers of St. Bernard to sign up for the service.

The company also has a new Web site for its subscribers that shows which recently announced patches have been added to its patch management database. Instructions for subscribing to the free e-mail service are available on the company’s Web site (see www.nwfusion.com, DocFinder: 9733).

The Patch Update Web page can be accessed at www.stbernard.com/uepatches.


Vendors  showcase  security 

Lancope,  Network  Associates  and  Symantec  enhance  hardware,  software. 


■  BY  ELLEN  MESSMER 

Security  vendors  Lancope,  Network 
Associates  and  Symantec  are  looking  to 
address  a  variety  of  user  security  concerns 
with  enhancements  to  intrusion-detection 
systems,  patch  management  and  Secure 
Socket  Layer  VPNs,  respectively 

Lancope  this  month  unveiled  two  new 
models  of  its  StealthWatch  IDS,  the  M45 
and  the  M250  aimed  at  small  to  midsize 
businesses  where  maximum  throughput 
requirements  top  out  at  45M  bit/sec  and 
250M  bit/sec.These  two  appliances,  which 
start  at  about  $10,000,  work  the  same  way 
as  Lancope 's  gigabit-speed  G1  in  scanning 
for  worms  and  network-based  attacks. 

The  boxes  also  are  helpful  in  identifying 
traffic  streams  that  might  indicate  illegal 
activity  on  the  network,  says  Todd  Ferris, 
director  of  privacy  and  data  security  at 
Stanford  University’s  School  of  Medicine, 
which  deployed  StealthWatch  about  six 
months  ago. 

“Lancope’s  StealthWatch  monitors 
based  on  a  profile  of  a  host,  and  when  it 
sees  something  it  hasn’t  before,  it  raises 
the  ‘concern  index,’”  Ferris  says.  After  the 
university’s  medical  school  deployed  the 


IDS  to  monitor  outbound 
and  inbound  Internet  traf¬ 
fic,  they  found  that  comput¬ 
ers  had  been  broken  into 
and  hackers  from  all  over 
the  world  had  taken  over 
FTP  servers  to  exchange 
files,  mostly  DVD  movies 
and  pornography. 

These kinds of unwanted occurrences — in combination with computer worm attacks — are spurring the university, which has maintained an open atmosphere in terms of networking, to add security precautions that include a firewall and anti-virus software. “We have machines broken into every day,” Ferris says. “Because of all these things happening, the university is changing its stance.”

Keeping up with computer software patching to prevent worm and hacker exploitation remains a top concern. To that end, Network Associates last week announced that its McAfee ePolicy Orchestrator (ePO), the security console that can collect information from McAfee software agents for servers and desktops, now will be able to detect whether a Microsoft-based host computer needs a patch update. This would be done by adding what the company calls System Compliance Profiler software to ePO.

“The System Compliance Profiler, which we’re making available to existing customers for free, is a host-based scanner to check to see if the correct patches are installed,” says Steve Crutchfield, group marketing manager. The tool can be configured to search based on the Microsoft file, service registry key or specific Microsoft patch number. Network Associates has no plans to expand the tool into non-Microsoft-based systems.

For its part, Symantec has been busy taking the secure remote-access SSL VPN software it got by buying SafeWeb last
See  Security,  page  22 


Stanford  University's  Todd 
Ferris  says  Lancope’s 
StealthWatch  gear  helps 
him  spot  nefarious  net 
activity. 


Brightmail  tries  to  ID  spammer  sources 

Service  looks  to  avoid  over-blocking  of  messages. 




■  BY  CARA  GARRETSON 

With  the  deluge  of  unwanted  e-mails 
that  flow  into  corporations  showing  no 
signs  of  easing,  anti-spam  software  maker 
Brightmail  is  offering  a  new  service 
designed  to  identify  IP  addresses  that 
send  mostly  junk  mail. 

Called the Brightmail Reputation Service, this new feature monitors hundreds of thousands of e-mail sources to determine how much mail sent from these addresses is legitimate and how much is spam, says Ken Schneider, CTO of Brightmail. The company gathers information from user reports and from its Probe Network — a collection of decoy e-mail in-boxes designed to catch spam — to determine whether a given IP address sends valid or junk messages. There are about 300 million end users of Brightmail’s software, the company says.

“Enterprises hate seeing the same IP addresses banging them all day long. ... Now they can terminate the conversation a lot earlier,” Schneider says.

The service creates a profile of each e-mail source from which administrators can decide whether to block mail from these sources or allow it into the company. Brightmail also will make available a “safe list” of e-mail addresses that have never sent spam to users of the Reputation Service free of charge, Schneider says.

“If an [IP address] produces 99 to 100% spam day after day ... our enterprise product uses that as strong evidence” for blocking that address, Schneider says. “On the opposite end, we also track IP addresses

See  Spam,  page  22 
Blindly looking in the wrong place

If things have gone as widely expected, the FCC by now has formally decided to decide not to regulate VoIP. This development might not please the FBI, but if it cares whether the FCC regulates VoIP then the FBI does not understand the issue.

For those of you who have not been following this saga, Pulver.com a year ago submitted a request to have the FCC declare that Pulver.com’s Free World Dialup VoIP service “is not telecommunications nor is it a telecommunications service” as defined by the Telecommunications Act of 1996. Such a declaration would mean that Free World Dialup was not subject to a number of FCC regulations that apply to telecom services. These regulations include paying into the Universal Service Fund, supporting Enhanced 911 service and enabling law enforcement wiretaps.

Regulators do not much like this idea (see, for example, www.nwfusion.com, DocFinder: 9732), nor does the FBI. The FBI feels that it needs to be able to wiretap VoIP to chase criminals and protect the national security. I think the FBI misunderstands the problem and that if the organization gets its way it specifically will not be able to accomplish its mission against anyone but the dumbest criminals or terrorists.

If I were a conspiracy theorist, I would suspect that there was a mole inside the FBI convincing it to ask the FCC to regulate VoIP. But maybe it’s just that the FBI does not understand data networking.

In 1994, Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which requires “telecommunications carriers” to be able to wiretap their services. The same act specifically exempts “information services” from these provisions. If the FCC followed the logic it has followed for years, it will now decide to rule that VoIP is an information service not subject to CALEA and will have proposed rules for public comment that say this.

News reports in early February said the FBI, the Department of Justice and the Drug Enforcement Administration have agreed not to block an FCC determination that Free World Dialup is an information service rather than a telecom service. But the agencies will file a petition with the FCC asking for rules that will apply CALEA to VoIP services. I spent most of Feb. 6 on a videoconference between Cambridge, Mass., and the Washington, D.C., area near Dulles Airport. The videoconference, with full audio, ran between my Mac laptop and a Mac laptop at the other end. We used Apple iSight cameras and iChat software. It would be quite hard to differentiate this conference from one that was run over a phone service. But in my case, no one in the network knew that a conference was under way. If the FBI focuses only on the VoIP providers it will miss anyone like me who makes direct connections without using a provider.

The  only  sensible  way  for  the  FBI  and  the 
other  agencies  to  proceed  is  to  go  back  to 
Congress  and  persuade  lawmakers  to 
extend  CALEA  to  information  services, 
then  to  get  ISPs  to  wiretap  the  underlying 
IP  communications.  To  do  anything  else 
would  be  to  willfully  avoid  doing  anything 
effective  against  the  real  threats. 

Disclaimer: Some people complain that folks at Harvard do not exercise willful avoidance enough, but the above observation is my own.

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com 


Cognos  tightens  planning  software  integration 




■  BY  STACY  COWLEY 

Analytics and reporting software vendor Cognos announced the latest version of its Enterprise Planning Series suite last week, boosting the integration between Cognos’ flagship applications and its newer additions based on technology the company acquired last year from Adaytum.

Cognos released last year a branded version of Adaytum’s software, but last week’s release of Enterprise Planning Series 7.2 is the first edition to fully connect Cognos Consolidation (formerly called Cognos Financial) with the Adaytum-based Cognos Enterprise Planning software.

One customer, Murray Financial Systems Manager Rose Melillo, says the difference between the early integration and that offered in the 7.2 release is “night and day.”

“Now it’s really usable,” Melillo says. “For someone like us, with [Cognos Consolidation] set up, we did not want to reinvent the wheel over on the planning side. Now we can pull up Consolidation information and push small parts of that out to planning, so we can run real-time what-if scenarios, which are wonderful.”

Murray is a Brentwood, Tenn., maker of lawn mower and snowblower products. The company has used Cognos’ financial reporting software for several years, and it has helped the business cut its monthly financial closing time from two weeks to three days, Melillo says. What Murray didn’t have until now was the real-time ability to examine the effects of changing sales forecasts on its bottom line.

Enterprise Planning Series is one of several software suites in Cognos’ portfolio. In addition to tighter links among products within the suite, the new version adds interoperability with other Cognos products, including its ReportNet and PowerPlay business intelligence, and its Metrics Manager scorecarding tool. Version 7.2 also adds to the Enterprise Planning Series a link to the single sign-on system found throughout Cognos’ products.

Pricing for Cognos’ Enterprise Planning Series varies by configuration, but a 50-user license starts at about $75,000, the company says.

Cowley  is  a  correspondent  with 
IDG  News  Service’s  New  York 
bureau. 
October and adapting it into hardware appliance form. Last week Symantec announced two models of the Symantec Clientless VPN Gateway 4400 series.

The 4420 model, which costs $9,500, has two fast Ethernet ports and supports 350 simultaneous connections. The 4460 model, which costs $18,000, supports two Gigabit Ethernet ports and 1,000 simultaneous connections.

The Symantec remote-access SSL VPN-based gear — which competes with similar products from Aventail, Cisco, F-Secure and NetScreen Technologies — will let users authenticate their identities via Web browsers. This is in contrast to IPSec-based VPNs that require special IPSec-based client software.

According to Symantec marketing manager Howard Lev, the two SSL VPN appliances also will support non-Web applications by dynamic download of Java applets to a client machine.

Symantec has plans to integrate SSL VPN functionality this year into the multi-function Symantec Gateway Security, which is IPSec-based today. ■


that produce nothing but legitimate mail for the last six months. Users might want to route those [messages] around the filters and not pay the processing hit.”

With its new service, Brightmail is attempting to strike a balance between blocking IP addresses that send spam and ensuring that legitimate mail gets through to its destination. To avoid “over-blocking,” the Reputation Service continuously monitors e-mail sources and will update the profile of a given IP address if its status appears to change, the company says. For example, if an address considered to be a spam source doesn’t send unwanted messages for a given time period, Brightmail will update that source’s profile, Schneider says. The service will update the status of IP addresses on an hourly basis.
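The per-source profile Schneider describes (block at 99 to 100% spam day after day, a safe list for six months of clean mail, and a profile update once a source stops sending spam) can be expressed as a small verdict function that is re-run on each update cycle. This is an added example, not Brightmail's code: the class and function names, the three-day streak, the seven-day quiet period and the sample traffic are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

# Only the 99% ratio and the six-month window come from the article;
# the two day counts below are assumptions made for this example.
SPAM_RATIO_BLOCK = 0.99      # "99 to 100% spam"
BLOCK_STREAK_DAYS = 3        # assumed meaning of "day after day"
SAFE_WINDOW_DAYS = 180       # "the last six months", taken as 180 days
QUIET_DAYS_TO_CLEAR = 7      # assumed "given time period" with no spam


@dataclass
class DayCount:
    spam: int = 0
    ham: int = 0

    @property
    def total(self):
        return self.spam + self.ham


class ReputationTable:
    """Per-IP daily spam/legitimate counts and the verdict derived from them."""

    def __init__(self):
        self.days = defaultdict(dict)   # ip -> {date: DayCount}

    def record(self, ip, day, spam=0, ham=0):
        """Add one batch of classified messages (user reports, decoy in-boxes)."""
        count = self.days[ip].setdefault(day, DayCount())
        count.spam += spam
        count.ham += ham

    def verdict(self, ip, today):
        """Return 'block', 'safe' or 'filter' (normal content filtering)."""
        history = {d: c for d, c in self.days.get(ip, {}).items() if d <= today}
        window_start = today - timedelta(days=SAFE_WINDOW_DAYS - 1)
        recent = {d: c for d, c in history.items() if d >= window_start}
        if not recent:
            return "filter"             # unknown or long-silent source

        # Safe list: history must span the whole window and contain no spam,
        # so a brand-new sender with one clean day does not qualify.
        if (min(history) <= window_start
                and all(c.spam == 0 for c in recent.values())
                and any(c.ham for c in recent.values())):
            return "safe"

        # Over-blocking guard: a former spam source that has sent no spam
        # during the quiet period drops back to normal filtering.
        quiet_start = today - timedelta(days=QUIET_DAYS_TO_CLEAR - 1)
        if not any(c.spam for d, c in recent.items() if d >= quiet_start):
            return "filter"

        # Block only when each of the most recent days with traffic was
        # almost entirely spam.
        active = sorted((d for d, c in recent.items() if c.total), reverse=True)
        streak = active[:BLOCK_STREAK_DAYS]
        if len(streak) == BLOCK_STREAK_DAYS and all(
                recent[d].spam / recent[d].total >= SPAM_RATIO_BLOCK for d in streak):
            return "block"
        return "filter"


TODAY = date(2004, 2, 16)   # constructed evaluation date


def build_sample_table():
    """Constructed traffic for documentation-range addresses (not real data)."""
    t = ReputationTable()
    for back, (spam, ham) in enumerate([(400, 0), (995, 5), (500, 0)]):
        t.record("203.0.113.7", TODAY - timedelta(days=back), spam, ham)  # steady spammer
    for back in range(0, 200, 7):
        t.record("198.51.100.20", TODAY - timedelta(days=back), ham=40)   # clean > 6 months
    for back in (18, 19, 20):
        t.record("192.0.2.55", TODAY - timedelta(days=back), spam=300)    # spammer gone quiet
    for back in range(3):
        t.record("192.0.2.99", TODAY - timedelta(days=back), spam=60, ham=40)  # mixed sender
    t.record("198.51.100.77", TODAY, ham=25)                              # clean but brand new
    return t


if __name__ == "__main__":
    table = build_sample_table()
    for ip in sorted(table.days):
        print(ip, table.verdict(ip, TODAY))
```
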

Brightmail says that one form of spam fighting — such as its Reputation Service — isn’t enough; companies trying to bring the amount of spam in their in-boxes down to a minuscule level must use many filters.

The company’s spam-filtering effectiveness recently won an “excellent” rating from The Yankee Group in its December report on anti-spam vendors. But the research company gave Brightmail’s enterprise software a “fair” for flexibility and labeled its e-mail server security features as “limited.”


Brightmail’s enterprise software, which began as a product for ISPs, competes with packages from companies such as Cloudmark, MailFrontier and Proofpoint, and with services from FrontBridge Technologies and Postini.

The Brightmail Reputation Service, slated for release at the end of the month, is free to Brightmail Enterprise customers. Customers can download the set of rules associated with the service.

In a separate announcement, Brightmail announced last week it has struck a deal with Voltage Security to provide its anti-spam software with Voltage’s SecureMail software. Brightmail’s software is available now with Voltage’s e-mail software. ■


THE TRADE: Configuration management.

Network configuration tools evolve

■ BY DENISE DUBIE

Today’s network configuration management products from companies such as AlterPoint, Gold Wire Technology, Intelliden and Tripwire are used mostly to store and track server, router and switch configurations. But industry watchers argue that the technology also can be put to more sophisticated uses to maximize network availability, optimize application performance and secure data centers.

Network configuration management technology automates manual tasks, maximizes efficiency and accuracy by minimizing human error, and “enhances security through tight access controls and configuration audits,” says Glenn O’Donnell, research director at Meta Group.

Available as software-only or packaged as appliances, network configuration management products today capture and store accurate server and device configurations; use automated features to provision and configure new devices; enforce access and change policies; and monitor actions taken on or in relation to devices. Network configuration tools can help maintain consistency across similar devices, ensure critical change data is documented and more quickly restore a device to the known “desired” state — meaning if a failure occurs after a change, network engineers can roll the device back to its known configuration before the change.

Configuration management tools from vendors such as Check Point, Cisco and Nortel offer configuration and change management capabilities for their respective gear, but the predominance of heterogeneous networks creates a demand for multi-vendor products.

Network managers also require software to manage server and application configurations in addition to device information. Companies such as Collation, Relicore and Voyence, among others, have emerged in the past few years to address the need to manage multiple devices from various vendors in a consistent, automated manner.

“It is becoming clear ... that real improvements in cost control and availability will not happen without configuration management,” Dennis Drogseth, a vice president with Enterprise Management Associates (EMA), wrote in a special report sponsored by configuration management vendor AlterPoint and produced by Network World.

Keeping  changes  in  check 

Kevin Schwartz, a network specialist at Burns & McDonnell, an engineering consulting firm in Kansas City, Mo., uses Rendition Networks’ TrueControl software to manage changes on switches and routers. The software helped him implement a change management process at his company. In the past, access and authorization to the company’s 46 devices (routers and switches) wasn’t monitored closely enough.

“We saw that our method was just a loose way of tracking changes,” Schwartz says. “Now we can control what changes are made to which hardware. It’s more of an insurance policy than anything else.”

To err is human

Network configuration management vendors promise to reduce or eliminate the amount of errors that cause network downtime. The Yankee Group survey of 229 network operators found human error to be the second-largest cause of outages.

TrueControl incorporates multiple steps needed to gain the necessary approval and to make changes on devices into a system that provides automated prompts and restrictions. Schwartz says the software logs activity on the devices he configured it to monitor. With policies that he and his team have created, the software ensures access to devices is limited to those with authorization.

He says the software prevents potential downtime, reduces manual tasks and helps keep a running tab on router updates. The software also makes it possible for him to call in via modem to a router at a remote location and bring it back to life, a task that before would have required a technician to travel to the remote site. Schwartz says a feature missing in the product is the ability to distribute software updates to routers.

“We  would  like  to  make  sure  that  our  regional  office 
routers  are  all  running  the  same  software.  We  would 
make  use  of  a  feature  that  let  us  make  software  updates 
to  the  routers,”  he  says. 

Security  and  more 

While  configuration  technology  monitors  devices  and 
actions  taken  on  them,  it  also  can  add  security  benefits 
by  detailing  exactly  what’s  happening  and  who’s  taking 
the  action  on  the  servers  and  devices  such  as  switches, 
routers  and  firewalls  in  enterprise  networks. 

Gold Wire, Rendition and Tripwire market their products as a network and security tool. One Tripwire user, a Unix systems manager at a large oil field services company who wishes to remain anonymous, says he started using the company’s Tripwire for Servers as a host-based intrusion-detection system and soon realized multiple — unauthorized — changes were being made to servers. The company also uses Tripwire for Network Devices separately.

The software, installed to track events on routers and switches, started alerting the IT team about multiple daily changes being made to devices that normally only would need to be changed once per week. While this user says the intent was not malicious, the unwitting changes potentially could wreak havoc on network availability. Tripwire is still in place for its original security purposes, but this systems administrator says the software proved it could be used for more than one task.

“The Tripwire software evolved into our change management system, which helps us better secure our network,” the user says. “Tripwire is our enforcement tool to see if our change control policies are being followed.”


Automated  access  and  authentication 

Jim Sherer, vice president of application service provider operations at ASP Dealer Services in Hoffman Estates, Ill., uses Gold Wire’s Formulator to track multiple configurations across about 400 Unix servers. He says the software helps him authenticate users accessing his company’s server farm. In this case, the Formulator appliance works as a back-end box that provides connectivity and authentication for users to access the servers, acting much like a Lightweight Directory Access Protocol server.

Sherer says while the server configuration management features work, he is working with the vendor to use the product on a larger scale.

“We’d like to use it on a large scale, for all of our core architecture routers and switches and move it onto remote nodes,” Sherer says. “That will require more time and money.”

Expanding one’s network configuration management tool from a point product to a broader enterprise application can pose a challenge, EMA’s Drogseth explained in his report. The technology naturally can become more difficult to roll out as the number of devices to be managed grows, but it also can become a problem when various device configurations need to be managed with the same tool. For example, products that manage server configurations work separately from those that manage device configurations. Enterprise IT managers would have to integrate the tools — or vendors need to do it for them — to establish a comprehensive configuration management process.

Also, a successful rollout of the technology across a variety of network components (such as servers, routers, firewalls and applications) requires solid workflow processes also be in place, Drogseth wrote.

“Configuration management tools are not lightly implemented. Organizational changes and detailed preplanning activities may be required,” the report said.

Meta Group’s O’Donnell says understanding how the devices are used, and the relationships and interdependencies among devices, servers, applications and end users would help network managers reduce network failures and spend less time troubleshooting the network.

Understanding  how  a  configuration  change  on  a 
router  in,  say,  a  company’s  headquarters  in  New  York 
affects  an  end  user  in  a  branch  office  in  Denver  could 
be  the  knowledge  network  managers  need  to  prevent 
problems,  rather  than  simply  respond  to  them. 

“The technology needs to evolve to provide broader coverage of the network,” O’Donnell says. “It should encompass more than network devices. Managing servers, desktops and applications would make sense with this type of technology.” ■


Takes


■ Lucent is teaming with BroadSoft, a developer of VoIP applications, to deliver integrated VoIP systems to service providers. They will combine BroadSoft's BroadWorks application software with Lucent's Accelerate softswitch and gateways for service providers building new or "overlay" VoIP networks. Business and residential services supported by the Lucent/BroadSoft integration include hosted IP PBX, IP Centrex, voice over broadband and voice VPN. Lucent also announced that Choice One Communications, which provides communications services to businesses in the Northeast and Midwest, will trial the products in preparation for an enterprise VoIP service rollout in its region.

■ Web hosting firm Verio has enhanced its customer portal to give users the ability to interact more tightly with its hosted infrastructure. The NTT/Verio PowerPortal is designed to give users a single dashboard from which to manage and monitor the applications, servers and network infrastructure hosted by Verio. Updates to the portal include enhanced security that lets users create authentication levels for different users; systems alerts to keep customers apprised of network, bandwidth, application and server performance; and improved trouble-ticket access to let users better manage problem resolution.

■ MCI has asked a bankruptcy judge for a 60-day extension to the Feb. 28 deadline for the company to emerge from bankruptcy. An extension to the deadline, mutually agreed to by MCI and the U.S. Bankruptcy Court for the Southern District of New York, would give MCI time to complete financial filings with the Securities and Exchange Commission. That is the last major task left for MCI to emerge from bankruptcy. "We have made incredible progress on the reconstruction of our financial statements, but it is much more important for us to get them done correctly rather than quickly," Bob Blakely, MCI executive vice president and CFO, said in a statement.


2/16/04 


providers 

■  THE  INTERNET  ■  EXTRANETS  ■  INTEREXCHANGES  AND  LOCAL  CARRIERS 

■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


NetworkWorld


MCI  broadening  MPLS  net 

Carrier cites strong demand as it prepares to emerge from bankruptcy.


“We like the solution [MCI offers], and it meets our needs without adding complexity.”

Mike Woods
CIO, NCP International

■ BY DENISE PAPPALARDO

MCI is expanding the geographic reach of its Multi-protocol Label Switching network to 48 countries in a move that will provide greater coverage for its Private IP and MCI Advantage customers.

The carrier says it will deploy an unspecified number of Cisco 10000 routers throughout the year, which will more than double the number of countries its MPLS network serves.

“We’re making this investment because we’re seeing increased demand and interest [in MPLS] from our customers,” says Jim DeMerlis, vice president of data and IP solutions. DeMerlis says this network investment “is in the [company’s capital expenditure] plan for 2004.”

MCI is expected to emerge from bankruptcy in the next few months. The company did not disclose how much it would invest in the network.

In addition to growing its MPLS network, the carrier also plans to more closely integrate its multiple IP service offerings, DeMerlis says.


In addition to the Private IP service, MCI is moving its VoIP offering to its MPLS backbone and plans to integrate its IP VPN Dedicated Services and network-based firewall capabilities with Private IP, DeMerlis says.

The  Private  IP  offering  lets  legacy 
data  customers,  such  as  frame  relay 

See  MCI,  page  28 


Equant CEO looks to make inroads with U.S. multinationals

Equant started the year by saying it wants more of your business. The international telecom service provider, best known in Europe, is making efforts to win over multinational businesses based in the U.S. Network World Senior Editor Denise Pappalardo recently spoke with Equant CEO Daniel Caclin about how the carrier intends to steal customers from AT&T and MCI and why he believes customers should turn to Equant for worldwide service needs.

Why  is  now  the  right  time  for  Equant  to  increase  its  competitive 
efforts  in  the  U.S.  against  AT&T  and  MCI? 

It is definitely the time for us. There are two reasons. Everyone knows the situation of our main competitors. Equant is doing well. We got through our integration [with France Telecom] with success. We have a strong portfolio of solutions ... so it is the time to be more aggressive in the U.S. market. We are not under any pressure. The only pressure is the pressure we put on ourselves.

How  will  Equant  improve  or  expand  its  commercial  presence  in 
North  America? 

We are helping large multinational companies in the U.S. to support their business processes worldwide. Our positioning is we have the ability to deliver data, consulting, integration, project management, conferencing and managed hosting services. Our approach is to focus on the basic needs of CIOs to manage the complexity of their infrastructure and control their total cost of ownership. A large multinational corporation in the U.S. will often start with buying services in Asia or in Western Europe. And step by step, we’ll get a bigger piece of their business. This is one of the keys for us to sell more to the American domestic market.

Is  Equant  only  focusing  on  customers'  multinational  needs  as 
opposed  to  those  that  might  only  have  domestic  service  needs? 

That  is  absolutely  correct.  Equant’s  focus  is  on  the 
world’s  largest  multinational  companies  with  the  core  of 
our  target  on  the  largest  5,000.  Roughly  60  of  the  top  100 
of  these  companies  are  significant  Equant  customers. 

Are  you  also  spending  more  on  advertising  in  the  U.S.  to  reach 
new  customers? 

We are building a brand in the corporate market. Our customers know the large worldwide players. The names are very limited. In the U.S., they are AT&T and MCI. Outside the U.S., they are Equant, British Telecom and, in some ways, Cable & Wireless. I should also mention Infonet, but they are much smaller.

See  Equant,  page  28 
Handling the remote-office revolution

According to a recent Nemertes benchmark,
an overwhelming percentage of
employees — 87% to be exact —
work at locations other than the headquarters
building or campus, typically at a
regional facility, sales office, retail store or
even a home office. Furthermore, two-thirds
of IT executives say they expect their companies
will hire even more remote workers,
based on the idea that increased bandwidth
costs are offset by real-estate and
other savings.

“The number of people at [our] headquarters
is shrinking radically because of
the cost of facilities,” says the CTO of a large
healthcare company that employs only
800 of its 24,000 employees at headquarters.
“We’re shifting people and facilities
where they make sense.”

As noted last week, most organizations
are seeing their bandwidth requirements
skyrocket — often reaching triple-digit
annual growth. That is occurring because
companies are increasingly “pushing”
applications out to the remote workforce.
They’re also adding new applications —
such as IP telephony and Web services —
that consume additional bandwidth.
Supporting Web services is the No. 1 initiative
affecting WAN utilization that benchmark
participants cite — 42% say it will be
a critical issue this year.

The upshot is the remote-office revolution
affects everything from the WAN to
security policy to disaster recovery to
switching fabrics. If any of these challenges
sound familiar, you should look into these
products and services:

• Bandwidth-optimization products from
companies such as Expand Networks,
Packeteer and Peribit Networks use compression,
caching and quality of service to
ensure end-to-end performance across a
limited-capacity network, while services
and solutions from companies such as
Equinix, Internap Network Solutions, Proficient
Networks and RouteScience Technologies
use route optimization to match traffic
requirements to network alternatives.

IT executives have been slow to adopt
some of these products, generally because
of a lack of familiarity or unwillingness to
introduce additional network complexity.
However, virtually everyone who has deployed
such products has found them cost-effective,
easy to use and highly effective.

• Managed remote-access solutions such
as those from Gric Communications, MegaPath
Networks and Netifice Communications
cut down one of the most-significant
cost components — labor — involved in
overseeing and administering a far-flung
WAN. End-user administration is a major
headache and significant cost. We found
that companies spend on average $14 per
remote user, per month — or a whopping
$168 per year. For a company with 1,000
employees, that’s a lot of change — and
managed remote-access solutions can
reduce that burden by up to 40%.

• Aggregation and other remote-access
services such as Fiberlink Communications
and iPass let travelers and teleworkers
securely and effectively utilize bandwidth
that’s already in place (such as Wi-Fi and
DSL links, and dial-up) to connect back to
corporate sites. The key advantage to such
approaches is ubiquity — you don’t have
to rely on the availability of a particular
provider’s dedicated network.

“New-age” telcos such as Broadwing, Level
3 Communications, Masergy Communications
and Savvis Communications also are
giving the traditional telcos (AT&T, Qwest,
SBC, Sprint and Verizon) a run for their
money by offering increased local and
managed services offerings designed to
help companies optimize bandwidth use.

Johnson is president and chief research
officer at Nemertes Research, an independent
technology research firm. She can be
reached at johna@nemertes.com.


MCI 
users, migrate to a fully meshed network
architecture  without  adding  the  cost 
of  dedicated  circuits  between  every 
location. 

NPC  International  moved  to  MCI’s 
Private  IP  service  last  year  and  is  now  in 
the  process  of  rolling  out  payroll,  human 
resources  and  credit  card  transaction 
applications  to  all  800  sites  that  it  couldn’t 
support  over  its  dial-up  network,  says 
Mike  Woods,  CIO  at  the  Kansas  City,  Kan., 
company. 

While NPC, the largest Pizza Hut franchisee
in the U.S., does not have plans to
move to VoIP today, Woods says he would
like to see the carrier offer more flexibility.
“We’ll always look to make appropriate
changes when need demands. We
like the solution they offer, and it meets
our needs without adding complexity,”
he says.

While NPC isn’t buying VoIP today, MCI
hopes that by migrating its MCI Advantage
offer to its MPLS network it might
be more attractive to existing Private IP
customers. Today, MCI Advantage runs
over MCI’s public IP backbone and its
vBNS network, which typically is used
only by colleges and universities.

The  carrier  is  moving  its  MCI  Advantage 
service  to  its  MPLS  network  to  offer  users 
the  ability  to  couple  its  VoIP  offering  with 
VPN  services  such  as  Private  IP  as  early  as 
next  month. 

DeMerlis says MCI will continue to use
its vBNS network to support call signaling
between its IP and the public switched
telephone network domestically.

The  carrier  also  plans  to  roll  out  MCI 
Advantage  internationally  in  the  second 
half  of  this  year  over  its  MPLS  network. 
Today,  its  VoIP  service  is  only  available  in 
the  U.S. 

The carrier says it will offer more
details later this year on how it will support
call signaling overseas. It will not
be able to use its gateways deployed on
the vBNS network because that backbone
does not expand beyond North
America.

MCI is also in the process of integrating
its IP VPN Dedicated Services with its
Private IP offering, which will let a company
virtually operate one network
regardless of whether employees connect
via IP VPN or Private IP.

In the second half of the year, the carrier
plans to roll out DSL access to its
Private IP service. Today, customers can
only access the network via local IP
frame relay or ATM connections. During
the same time period, MCI says it will
offer Private IP customers network-based
firewall services for an added level of
security. ■


Equant

continued from page 25

Does  Equant  plan  to  invest  more  money  in 
the  U.S.  by  expanding  its  networks  or 
focusing  on  other  projects  domestically? 

We are focused on getting the right
access cost for our customers, especially
in the U.S. There is a lot of capacity
available, and local providers are competing
very aggressively so it’s a time to
make very good deals. But I don’t think
new investments are what the telecom
industry needs in the U.S.

Equant said in January that it projects 25%
of all revenue will come from managed services
by 2007. How much of Equant's revenue
comes from these services today?

Roughly  15%. 

How  will  you  drive  that  number  up  to  25%? 

We know that there will be big
increases in terms of capacity needs,
but at the same time, price decreases
will swallow that growth. Customers
are spending quite a lot today because
they are supporting services from multiple
players. So the value for users is in
solutions integration and proportionally
less in connectivity. This doesn’t
mean we are not interested in providing
data solutions or that we are not
targeting that kind of need. [The goal]
simply recognizes that customer needs
are evolving.

You  said  that  15%  of  revenue  comes  from 
managed  services.  Can  you  break  down 
where  the  rest  of  the  revenue  comes  from? 


About  70%  comes  from  data,  6% 
comes  from  voice  and  about  7% 
comes  from  equipment  we  sell. 

When you say data, does that include traditional
services such as frame relay?

It  includes  all  legacy  services  such  as 
frame  relay  and  our  IP  VPN  service. 

What  percent  of  the  70%  comes  from  IP 
VPN? 

We  don’t  release  that  information,  but 
we  are  close  to  the  point  where  IP  VPN 
is  roughly  half  of  the  total  of  data. 

How  many  new  customers  does  Equant 
hope  to  win  with  its  new  strategy? 

I will not give you a breakout in
terms of winning new customers, but I
will tell you that we have met the
objectives we have given to our sales
force for 2003, which was to win more
than 80 new, big names worldwide.

How does Equant's customer base break
down in terms of what percent of customers
are in the U.S., Europe and Asia?

About 60% of our customers are in
Europe, 20% in the U.S. and 20% in the
rest of the world with a large concentration
of that 20% in Asia.

Why  should  a  large  multinational  company 
in  the  U.S.  choose  Equant  over  AT&T  or 
MCI? 

We understand better than any other
carrier the needs of a large multinational
corporation. We focus only on this
business. Also we are a fully integrated
company. We operate the same way
using the same tools and processes
around the world. ■


Tech  schools  use  Netilla  for  remote  access 


Breaking  out  of  the  lab 

The  Netilla  Security  Platform  (NSP)  grants  engineering  students  and 
faculty  at  Southern  University  and  Louisiana  State  University  thin-client 
access  to  engineering  applications  such  as  AutoCAD  on  standard  PCs 
from  home,  over  broadband  or  dial-up  connections. 


■  BY  TONI  KISTNER 

In many ways the engineering labs at
Southern University’s College of Engineering
are student paradise. The
Windows 2003 network supports 300
high-end Intel workstations with dual
flat-panel displays, running myriad
applications from AutoCAD, Unigraphics
and others. Students transform two-dimensional
projects into 3-D models
using 3-D printers and the “Cave,” an
eight-foot cube where they project and
manipulate holographic images.

The  only  trouble  is  this  paradise  keeps 
business  hours  —  8  a.m.  to  5  p.m.,  with 
only  one  lab  staying  open  until  10  p.m. 
Students  and  faculty  can’t  access  their 
work  —  all  of  which  lives  on  the 
network’s  50  servers  —  unless  they’re 
on  site. 

■ Georgia State Rep. Kathy Ashe
(D-Atlanta) recently introduced a
bill that would grant teleworkers
and businesses that encourage telework
tax credits up to $500 and
$5,000, respectively. Taxpayers
would have to provide an outline of
how their telework programs work
and detail the number of driving
miles they save. In a statement,
Ashe called her bill a creative solution
to traffic and air problems.

■ The Wi-Fi Alliance recently published
a list of 175 products that
have become Wi-Fi-Protected-Access-certified
since testing
began last spring. WPA is a wireless
security technology that replaces
the insecure Wired Equivalent
Privacy. Of the vendors that teleworkers
rely on for equipment, only
Cisco/Linksys made the list, with 11
WPA-certified products.

Security has been the biggest concern.
The Baton Rouge, La., school has an
ample budget for equipment but a meager
one for staff. Scott Woodall, the
school’s IT director, and Alan Mattson,
the system administrator, typically work
16-hour days. Woodall had experimented
with remote access on his office systems
— installing Microsoft Terminal
Server — but he had to take a hard line
with users.

“If we gave people free rein we’d be up
here 24 hours a day,” he says.

But increasingly, students and faculty
pushed for 24-hour access to the labs
and remote access from their homes
and dorms. While the school recently
received $150,000 in state funds to
install a keycard system and cameras to
secure the lab after hours, Woodall also
began exploring remote-access products
and settled on the Netilla Security
Platform from Netilla Networks.

The Netilla appliance works in conjunction
with Microsoft Terminal Server
to offer thin-client remote access to
applications and data. The system
screens and intermediates Secure
Sockets Layer (SSL)-encrypted sessions
between remote user and applications
sitting on the network servers. Because
the Netilla system passes only mouse
clicks and keystrokes between client
and server, it requires only a thin datastream,
making it possible for students to
access applications even over a dial-up
connection — albeit with some delay.

Woodall  explored  various  SSL-VPN 
products,  but  Netilla’s  ease  of  use 
impressed  him  most.  “Since  it’s  just  the 
two  of  us,  it  had  to  be  simple  to  use.  I’ve 
found  over  the  years,  no  matter  how 
great  the  technology,  if  it’s  not  easy,  the 
students  and  faculty  won’t  bother  with 
it,”  he  says. 

Making  the  grade 

Since  Woodall  installed  the  system  last 
fall,  students  and  faculty  have  raved 
about  how  the  Netilla  box  has  improved 
their  productivity  and  their  home  lives. 

“It’s the tool I’ve been waiting for,” says
Parviz Razi, associate professor for
mechanical engineering. “I teach 8 a.m.
classes, and my family doesn’t like me
working late on campus. So if I didn’t
finish my PowerPoint presentation for
tomorrow’s lecture during the day,
I’d often have to come in at six in the
morning.”

Woodall started with the Netilla business-class
version, which supports 150
concurrent users, but because “people
were hammering at it like there was no
tomorrow,” he quickly stepped up to the
enterprise version, which serves 400.


Netilla users experience a delay, especially
when accessing processor-intensive
engineering applications. “If you’re
working on some intricate part in
AutoCAD, you might have to blow up the
screen to make sure you’re getting it
done the way you want to,” Woodall says.
“Even though you can use dial-up, we
recommend broadband.”

Razi says, “There is a slight delay
in using it, but nothing to interfere with
performance. And considering the convenience,
I can ignore it.” Netilla also
is changing the way Razi interacts with
his students. When the labs would close
at 5 p.m., often students wouldn’t have
all lab reports and graphics completed
on time. “So now when they make
the excuse that the lab is closed I tell
them to get online, no more excuses,”
he says.

Cox Communications offers Southern
University and Louisiana State University
students and faculty discounted
cable broadband for $25 per month. But
many students, including Doye
Brumfield, still find that price out of
reach and use Netilla over a dial-up connection.
Before Netilla, the 28-year-old
mechanical engineering senior often
stayed at school studying until midnight,
which didn’t please his wife.

“Sure, it’s different from using the lab
computers, which are very fast. But the
function’s the same,” he says. Brumfield
tries to work around his wife’s work
schedule, often connecting to the
servers at 2 a.m., when the dial-up system
is less crowded. He also says Netilla
lets him use applications that cost thousands
of dollars on his midrange Dell
home PC.

At LSU, computer manager George
Ohrberg recently launched a pilot
of Netilla for 3,000-plus students and
faculty users in the school of engineering.
Unlike Southern University, LSU
offers its community a VPN client for
remote access to data. But Ohrberg says
it results in numerous help desk calls.

“The setup’s supposed to be straightforward,
but it doesn’t always configure
itself correctly,” he says, adding that
because Netilla requires only a Java-enabled
browser and configures itself,
it’s a no-brainer.

Ohrberg also says his team is exploring
whether Netilla can help consolidate the
department’s client software licenses.
“Moving to server-based licensing might
be more efficient for some applications
because we won’t pay for what we don’t
need,” he says. In contrast, Woodall’s not
interested in this strategy because all his
software is bought using campus or site
licenses. ■
The New

An owner’s
handbook

Today’s top companies are
accelerating toward Web-based
computing. That means building the
new data center — where grids,
virtualization, autonomic computing
and other big changes shatter
the traditional boundaries on
applications and information,
and bring the extended enterprise
to life. From services-oriented apps to
intelligent infrastructure, here’s a layer-by-layer
guide to creating this
new data center.


AN EDITORIAL SUPPLEMENT TO NETWORK WORLD

BEGINNING AT RIGHT, we explore the new
data center concept and provide a layer-by-layer
guide to its creation.

FROM HERE TO THE NEW DATA CENTER
Migrating to the new data center
means making an abundance of decisions.

DRAMA AT THE COMPUTING CORE
The stage is set for delivery of on-demand’s
grand promises — more efficient
and flexible use of IT hardware and software.

THE NETWORK BEHIND THE NEW DATA CENTER
A smarter, more robust infrastructure will
turn once disparate network, computing and
storage resources into a unified system.

TAKING APPLICATIONS TO THE NEXT STEP
In the new data center, enterprise apps will
act as loosely coupled, modular network
services that, when linked together, create
complex business processes.

ILM IN ACTION
Within the new data center, data moves from
one storage resource to the next based on
information life-cycle management policies.

A DELECTABLE STORAGE PLAN
By employing new data center technologies
to address a storage binge, Krispy
Kreme baked up a new backup scheme.

TREATING MANAGEMENT AND SECURITY AS ONE
In the new data center, technologies that
protect and control will work more closely
together.

MAKING THE CASE FOR THE NEW DATA CENTER
A California law firm puts some of the
hottest technologies into practice.
The rise of Web-centric computing
means shifting from a physical to a
logical view of IT assets.


■  BY  JOHN  GALLANT 

As the German philosopher Friedrich Nietzsche said, “What does
not destroy me makes me stronger.” Well, if surviving the
boom/bust IT cycle didn’t fry your wiring, you must be feeling
powerful indeed. Still, don’t breathe a sigh of relief just yet. You’re going to
need all the muscle, sinew and calluses you’ve built up to wrestle with the
industry-shaking changes ahead.

Major technology suppliers and forward-thinking network and IT executives agree that a new, Web-centric
computing model is taking shape. But they don’t agree on what it ultimately will look like or
what we’ll call it. Will it be an on-demand computing world, as preached by IBM? Will it be the grid
mania pushed by Oracle, Sun and others? Are we building toward utility computing, autonomic computing,
virtualization or something else entirely?

Technology giants such as Cisco, EMC, HP and Microsoft — along with the aforementioned
titans — are battling for your hearts and minds. And to the architectural victors will go the revenue
spoils in the decade to come.
(Need proof? Just consider client/server
and the current dominance of
the Wintel camp.)

You’ve got to sort through these lofty
visions and study the road maps of
your key technology vendors, all while
trying to make big choices about virtually
every layer of your infrastructure
and the applications on top of it.

Don’t worry; we’re here to help you
get a handle on the changes ahead. In
this supplement, and several more
throughout the year, we’ll explore a
concept we’re calling the new data
center. The emergence of the new data
center represents a quiet revolution in
IT, one that holds risk and reward for
you and your strategic suppliers.

Whether the industry ultimately calls
the coming years “the New Data Center
era,” only time will tell. But we offer the
concept as a reference point for use while designing
your new networked IT environment.

[Figure: The new data center framework. Layers: Web-enabled or service-oriented applications; infrastructure software; virtualized storage; virtualized and distributed computing infrastructure or services; virtualization LAN and Web infrastructure.]

The  big  picture 

Let  me  explain  what  we  mean  by  the  new  data 
center. 

The traditional data center is the core computing
environment that hosts critical business
applications. The new data center recognizes the
increasingly distributed nature of Web-enabled
applications and the realities of business-to-business
— or extended enterprise — networks. In
this new data center environment, applications
and resources exist beyond the boundaries of
stand-alone devices. Of course, design, security
and management skills are required to accommodate
that fundamental shift.

Within the new data center, applications are
built on components and services that span the
extended enterprise. Storage, computing and network
resources become virtualized and are
called upon by far-flung applications and users.

So, at its essence, the new data center isn’t simply
a new physical design. It’s a new logical view
of how IT assets, including outsourced services,
are deployed, managed and secured across a
new networked computing landscape.

Myriad forces are driving you to explore the new
data center model — ROI pressure, business-to-business
networking, wireless computing, Web-enabled
or services-oriented applications. These
forces are topped off by the desire to embrace
new ideas, initiatives and technologies from leading
vendors and innovative newcomers that
promise to reduce costs and improve business
processes. Among these are:

• On-demand and utility computing, where
computing resources are provided and consumed
like utility services on an as-needed
basis. IT might provide computing services, or
you might buy them from a systems integrator or
outsourcer.

•  Autonomic  computing,  where  IT  resources 
are  built  to  be  self-managing  and  self-healing. 

• Grid computing, where unused computing
resources across an organization or among organizations
are tapped to meet changing needs for
processing power.

•  Virtualization,  where  storage,  computing 
power  and  network  services  are  provided  as 
pools  of  resources  to  be  drawn  upon  as  needed. 
With  virtualization,  a  collection  of  devices,  say, 
storage  systems,  appears  to  be  a  single,  easily 
accessible  resource. 

The choices created by so many new ideas
can be daunting. Not only are traditional product
lines and functions blurring — such as network
infrastructure and Web infrastructure —
but also the strategies of your key suppliers
might be at odds. Many suppliers already well-entrenched
in traditional data centers have
outlined competing autonomic computing
initiatives.

Keep in mind that, as in earlier major transitions
in the IT industry, the quiet revolution of
the new data center will give you considerable
leverage with suppliers. As vendors are keenly
aware, the new data center evolution gives you
the opportunity to shift your loyalty and change
your spending patterns. Simply put, no vendor
— no matter how entrenched — has a lock on
you. Suppliers that fail to realize this do so at
their own peril.


A  layer-by-layer  look 

Servers: At the heart of the new data center
evolution is the strategic choice of computing
platform. Which platform can best support traditional
applications such as ERP and CRM, and
emerging services-oriented and Web-enabled
applications? You have to choose among standard
Intel servers, proprietary hardware and
blade servers, and prepare for the emergence of
64-bit systems as well as grid-enabling and virtualization
technologies. Or you could opt to embrace
on-demand products that essentially outsource
processing.

Infrastructure software: Then, you have to pick
the best roles for competing operating systems
(Unix, Linux, Windows), each of which is traveling
a different trajectory of success. In the Windows
world, you’re looking at a variety of upgrades to
the operating system and other core Microsoft
software components to support greater collaboration
and applications integration.

You’ll also have to pick a development platform
for a new generation of Web applications.
If you aren’t already hip deep in the standards,
security and manageability issues surrounding
these new applications, you soon will be.

Network and Web infrastructure: Your network
infrastructure will need to be able to handle the
new demands of collaboration and the explosion
in Web-based applications. Be prepared to
provide high-quality support for VoIP and
emerging Session Initiation Protocol applications.
That likely means upgrading backbone
and data center switches to 10G bit/sec Ethernet
and upgrading wiring closets to 1G.

Many  companies  also  have  deployed  an  array 
of  new  devices  to  solve  problems  specific  to 
high-volume,  high-transaction-level  Web  sites 
and  new  Web-enabled  applications  —  Layer  4  to 
Layer  7  switches,  Secure  Sockets  Layer  accelera¬ 
tion  and  load  balancing,  for  example.  An  entire 
ecosystem  of  Web  infrastructure  vendors  com¬ 
petes  not  only  on  product  features  but  also  on 
the  ability  to  consolidate  more  functionality 
into  one  device.  Ultimately,  though, you’ll  want 
to  build  a  single  network  infrastructure  rather 
than  continuing  to  bolt  on  gear  for  each  new 
network challenge. That will lead to a clash between Web and
traditional infrastructure vendors for control of a unified network
that supports existing and new distributed applications.

Wireless/mobility:  Your  employees  are  pack¬ 
ing  Wi-Fi-enabled  laptops  and  using  Wi-Fi  in 
hotels  and  at  home.  As  your  business  unit  exec¬ 
utives  discover  how  untethered  computing 
speeds  decision-making  and  boosts  customer 
service,  you’ll  face  pressure  to  weave  wireless 
into  the  infrastructure.  Will  you  upgrade  your 
existing  switches  for  wireless  or  take  advantage 
of  new  wireless  LAN  switches  that  aid  in  wire¬ 
less  design,  deployment  and  security?  How  will 
you  blend  2.5G  and  3G  data  services  with  Wi-Fi 
hot  spots  to  give  employees  seamless,  high¬ 
speed  data  access?  Also, gird  yourself  for  a  flood 
of  new  wireless  applications. 

Storage:  This  market  will  continue  to  undergo 
rapid  change  driven  by  the  ongoing  networking 
of  storage  resources  and  the  push  to  virtualize 
storage.  What  role  will  storage-area  networks, 
network-attached  storage  and  storage  over  IP 
play  in  your  plans?  Key  business  issues  also  are 
reshaping  the  storage  scene.  The  corporate 
types  want  new  ways  to  glean  business  intelli¬ 
gence  from  stored  information.  New  compli¬ 
ance  and  reporting  rules  mean  skyrocketing 
storage  demands. 

Security:  Strong  security  is  a  must  in  the  new 
data  center,  but  remains  elusive.  Threats  con¬ 
tinue  to  morph  and  intensify,  while  companies 
try  to  make  applications  more  distributed  and 
information  more  accessible.  The  combination 
is  dangerous. 

In  the  years  ahead,  you’ll  have  to  choose  how 
best  to  deploy  security  throughout  the  new 
data  center:  What  hardware,  software  and  net¬ 
work  infrastructure  security  should  you  install? 
What  role  should  managed  security  services 
play,  if  any?  How  will  you  manage  the  tidal  wave 
of  data  from  a  growing  array  of  security  tools? 
Add  in  headaches  from  constantly  patching 
buggy  software  and  mix  in  the  security  chal¬ 
lenges  of  wireless,  and  you’ve  got  a  hangover- 
inducing  brew. 

Network and systems management: With the new data center come new
requirements for systems and network management. Major vendors
must move beyond device management to provide clear views of
application performance — and then offer the tools that will help you
guarantee application performance. Plus, you’ll be facing the need to
better support mobile devices, the integration of network and security
management, and getting to know and love the autonomic — or
self-healing — management strategies of major vendors from IBM, HP
and Microsoft.


Driven to a new vision

Many forces are pushing IT to explore the new data center model. Among them:

• The need to support the extended enterprise. As companies link their systems and
applications with those of customers and suppliers, the applications, and the underlying
infrastructure, must evolve.

• The need to cut costs and maximize use of existing resources (boosting that old ROI).

• Improving application performance and scalability.

• The need to support greater mobility and ubiquitous access to information and applications.

• The move from monolithic applications to Web-enabled applications and services-oriented
software, where applications are, in essence, a collection of services pulled together to support
business functions.

• The need to improve manageability and reliability, as well as to ensure business continuity in
the face of disasters or threats to IT assets.

• Adoption of a more comprehensive approach to securing information and resources.

• The ability to upgrade intelligently. During the past lean years, IT shops have pushed
resources to their limits. As they weigh new investments, they want to ensure that new
technologies mesh intelligently with a new architecture.

The  WAN:  Because  the  new  data  center  ex¬ 
tends  beyond  the  traditional  boundaries  of  the 
glass  house,  your  wide-area  infrastructure  has  to 
adapt  to  ensure  strong  performance  of  distrib¬ 
uted  applications  and  ubiquitous  data  access.  In 
addition  to  exploring  new  IP-based  network  ser¬ 
vices  —  as  a  replacement  for,  or  complement  to, 
traditional  data  service  offerings  —  customers 
are  pushing  services  providers  to  envision  and 
deploy  the  next  generation  of  managed  ser¬ 
vices.  So  far,  the  results  are  mixed. 

Applications: Evolving current applications and developing new apps
to capitalize on the new data center environment present other big
hurdles. Like you, vendors must retool their applications around
distributed services and components. While application service
providers struggled initially, the idea has taken root (note
Salesforce.com as an example) and likely will influence purchase
decisions. Packaged applications vendors will have to deal with the
stigma of products that are difficult and costly to deploy. They’ll
also have to revisit the way they price and support products in the
new data center.

End-user  computing:  Let’s  not  forget  the  desk¬ 
top.  After  years  of  anemic  purchasing,  corporate 
America  is  upgrading  older  desktops  and  em¬ 
bracing  Wi-Fi-enabled  laptops.  Many  new  desk¬ 
top  systems  in  a  business  setting  will  come 
equipped  with  Gigabit  Ethernet  connections, 
which  will  force  changes  in  network  infrastruc¬ 
ture.  Stop  thinking  of  the  PC  as  the  end-user  ter¬ 
minal.  In  the  new  data  center  world,  the  PC  is  the 
portal  to  IP-based  collaboration  —  from  instant 
messaging to telephony and video, not to mention presence
awareness. That changes your traffic dynamics, purchasing
criteria and support
expectations.  With  the  changes  in  every  other 
aspect  of  your  infrastructure  and  applications, 
why  should  the  desktop  be  any  different? 

Wrapping  it  up 

Exhausted  yet?  You’re  likely  to  be.  The  sum  of 
all  these  changes  will  be  greater  than  the  early 
impact  of  the  Internet. The  new  data  center  is  an 
attempt  to  capitalize  on  the  true  power  of  the  In¬ 
ternet  and  Web  computing. 

You’ll  find  yourself  busier,  more  pressured  and 
in  greater  need  of  information  and  guidance 
than  at  any  period  in  the  past. 

You’ll have to stay focused on cost cutting while investing in
products and services that move your company toward the new data
center. You’ll have to study the strategies of your key suppliers to
determine what works for you and what’s plain hooey.

Do this right and you’ll position your company for success by being
able to roll out applications far more quickly, automate more
business processes, cut costs and keep workers and business partners
in constant contact. It won’t kill you. In fact, you’ll just keep
getting stronger.

• How should I deploy Web services and
service-oriented architectures?

• How can I track or partake in standards
creation for Web services?

•  What's  the  best  way  to  mobility-enable 
applications? 


• When should I roll out 64-bit server
platforms, and what effect will they have
on my applications?

•  Where  should  I  use  blade  servers? 

•  Can  I  take  advantage  of  grid 
computing? 

•  What  management  tools  are  available 
for  supporting  blade  servers,  grid  and 
autonomic  computing? 

• How can I take advantage of better
collaboration  and  application  integration 
available  in  new  versions  of  Windows  and 
other  platforms? 

•  Where  should  I  use  open  source  soft¬ 
ware?  On  servers?  The  desktop?  For 
databases  or  other  applications? 

•  When  and  where  should  I  apply  virtual¬ 
ization  software? 

• How can I best support, manage and
secure wireless LANs?

• How do I support and secure access
from public Wi-Fi and cellular data
services?


•  How  does  storage-over-IP  fit  in? 

•  How  will  I  handle  increased  storage 
requirements  stemming  from  regulatory 
compliance? 

•  Do  my  disaster-recovery  and  back-up 
plans  need  rethinking? 

•  Can  I  virtualize  my  storage? 

•  How  will  I  implement  information  life- 
cycle  management? 


• What upgrades do I need to support
greater desktop

• When and where should I deploy
Gigabit Ethernet to the desktop?

•  What  role  will  10G  Ethernet  play? 

•  Can  I  take  advantage  of  new,  lower- 
cost  routing  options? 

•  Which  of  the  many  new  devices  for 
supporting  multiple  virtual  functions 
should  I  deploy  (switching,  caching  and 
security,  for  example)? 

•  Where  should  I  use  SSL  VPNs  vs. 
IPSec  VPNs? 


•  Can  I  effectively  manage  all  my  secur¬ 
ity  data? 

•  How  do  I  blend  my  trusty  traditional 
security  methods  with  new  hardware 
and  software  tools  and  managed  secur¬ 
ity  options? 

•  How  can  I  best  deal  with  internal  secu¬ 
rity  threats? 

•  Do  I  have  the  most-effective  strategies 
for  patch  management,  virus  prevention 
and  spam  control? 

•  How  will  I  handle  identity  management? 


•  Should  I  integrate  security  manage¬ 
ment  with  other  device  management? 

•  How  can  I  manage  autonomic,  grid  and 
utility  computing  implementations? 

•  When  and  where  will  I  use  outsourced 
management  options? 

BIG-IP: The Essential Component For

F5 Networks’ BIG-IP® Blade Controller helps enterprises get maximum
efficiency, reliability and security from blade server implementations.

Sponsored by

View the Webcast featuring F5’s BIG-IP Blade Server at
www.nwfusion.com/go/F5


United Title, a leading title and escrow company, turned to blade
servers when it needed a high-density server solution in its
automated, unmanned data center. CRG - Total Event Solutions, an
event management and planning company, likewise installed blades to
deliver high availability and peak performance for its event
registration Web sites.

These are but two of the many enterprises turning to blade server
technology to pack more processing power into a smaller area while
simplifying deployment and management. As more companies install
blades, however, they find blades alone won't solve all their
problems. To gain maximum efficiency and reliability, companies
including United Title and CRG also installed F5's BIG-IP Blade
Controller software to maintain maximum uptime, performance and
security.

Blade server computing is catching on in a big way, according to
market research firm IDC, which expects sales of Intel-based blades
to grow from $148 million in 2002 to $2.9 billion by 2005.

For all their obvious benefits, however, blades are subject to some
of the same management challenges as traditional servers. For one,
although individual blades and the applications running on them may
physically sit in the same chassis, they have no inherent knowledge
of one another - no more so than two servers sitting side by side in
a data center. That means blades will not, by themselves, back up
one another during a hardware or application failure. Similarly, you
can't count on application optimization or security features being
built-in.

F5's BIG-IP Blade Controller software helps address these issues,
adding improved reliability and performance to blade server
implementations. BIG-IP software runs on one or two blades within a
blade server chassis and creates a single virtual server out of all
remaining blades. Intelligent traffic management techniques help
BIG-IP effectively direct traffic for all IP-based applications
running in the blade server chassis, including Web servers,
application servers, caches and firewalls. Should a single blade or
application fail, BIG-IP software directs traffic to another blade,
improving overall availability for end users. It also offloads Secure
Sockets Layer (SSL) processing and handles other security chores.
Collectively, these features give organizations the flexibility they
need to scale their server environments while maintaining control,
availability and the cost savings that blades can bring.

[Figure: BIG-IP gives you control over blades. Blades shown:
application servers, database, cache, firewall, Web servers. BIG-IP®
intercepts, inspects, transforms and directs all IP-based traffic to
the most appropriate application or resource depending on
performance, availability, security, and reliability of the server
blades or applications. Label: Load balancing and IP traffic
management.]


CUSTOMER SUCCESS STORIES

United Title installed 20 HP ProLiant BL 10e server blades in a
single enclosure to garner the processing power it needed to run
critical business applications. The blades enabled the company to
fit all the processing power it needed in a mere 10x10 foot cage
that houses a remote, unmanned data center.

While the blades solved the space problem, United Title still needed
a better load balancing solution for its Web server traffic. It
opted for F5's BIG-IP solution that integrates directly with its HP
blades. "Having a premier load balancing and traffic management
software solution integrated directly into the HP ProLiant server
blade architecture was ideal for our situation," says Peter Bowman,
CIO for Nations Holding Group, which owns United Title. "This unique
combination is a testament to how well HP and F5 work together. They
provide solutions with the reliability, performance and scalability
we need for our Web applications."

CRG likewise installed blade servers to support the "shrink-wrapped"
registration Web sites that it offers to customers. With as many as
20 high-profile events occurring simultaneously, each with
potentially thousands of applicants registering at the site, CRG
needed both 24/7 availability and efficient load balancing.

"We needed to achieve as close to 100% uptime as possible. We also
needed to know that whenever we needed to run updates or run
maintenance on the system, that we would avoid downtime," says Scott
Hankinson, VP of Information Technology for CRG. F5's BIG-IP Blade
Controller software enabled CRG to unify independent application and
server resources and present them as one. That enabled the company
to create a highly scalable platform while ensuring that the blade
servers and applications were always available and secure, even if
one blade is taken out for maintenance.


ACHIEVING RESOURCE EFFICIENCY

Most companies have discovered that, as their server environments
grow larger, they require significant IT staff resources to manage.
Installing blade servers makes managing the hardware simpler, but it
doesn't address how to effectively tie all redundant applications
together. In the end, many organizations wind up wasting computing
resources in their efforts to provide redundancy.

BIG-IP Blade Controller software addresses these issues with its
ability to present multiple servers and applications as one, a
concept known as virtualization. Users can create a virtual server
by grouping resources based on IP address or application. Dynamic
load balancing capabilities ensure that each request goes to the
server that is best able to handle it. Rather than managing hundreds
of discrete units, customers can manage their blade and application
resources as one system, dramatically simplifying the job and
potentially reducing the number of blades required to satisfy a
given application.


PROVISIONING IN A MULTI-VENDOR WORLD

BIG-IP Blade Controller software runs on blade servers from leading
blade vendors, including HP, Dell and IBM. Companies that are
migrating applications from traditional servers to blade
environments will find BIG-IP Blade Controller enables them to
manage traffic both within and outside the blade environment. By
virtualizing all of the resources behind each application, BIG-IP
also eases the migration of applications from traditional servers to
blades.

F5  also  offers  a  wide-area  traffic  management 
tool  on  blades,  the  3-DNS  Controller.  3-DNS  shut¬ 
tles  end  user  requests  to  the  most  appropriate 
data  center  based  on  business  policies,  conditions 
at  each  center  and  network  conditions,  helping  to 
ensure  global  business  continuity  and  availability. 

TYING  IN  APPLICATIONS  WITH  ICONTROL 

F5  created  an  open  API,  called  iControl, 
enabling  two-way  communication  between 
BIG-IP  and  multiple  vendor  applications.  Based 
on  the  SOAP  and  XML  standards,  iControl 
enables  an  application  or  network  hardware 
component  to  tell  BIG-IP  that  it  is  available  and 
to  automatically  add  it  to  the  virtual  pool  of 
available  resources.  Several  blade  server  ven¬ 
dors,  as  well  as  many  application  providers  such 
as  Microsoft  and  Oracle,  have  either  already 
delivered  this  type  of  integration  with  BIG-IP  or 
are  working  to  do  so. 


The  iControl  interface  enables  BIG-IP  to  inte¬ 
grate  with  custom  and  packaged  applications, 
creating  a  tightly  integrated  environment  that 
reduces  hardware  and  application  provisioning 
time  and  delivers  total  control  of  Internet  traffic. 

Together,  blade  servers  and  iControl  can 
dramatically  reduce  the  time  it  takes  to  provision 
new  hardware  and  applications.  Provisioning 
normally  requires  tight  coordination  between 
network,  system  and  application  personnel, 
making  it  a  process  that  is  prone  to  delay.  Blade 
servers  help  address  the  hardware  side  of  the 
problem,  since  blades  are  typically  hot-plug¬ 
gable,  while  iControl  addresses  the  application 
end.  Additionally,  BIG-IP's  dynamic  server 
allocation  and  load  balancing  algorithm  can 
bring  applications  online  automatically  when 
user  thresholds  are  met.  For  example,  if  a  Web 
server  is  experiencing  an  abnormally  high  load, 
BIG-IP  could  automatically  pull  additional  Web 
server  power  from  the  virtual  pool  of  resources  - 
all  without  manual  intervention. 

AVAILABILITY,  SCALABILITY,  SECURITY 
In  addition  to  its  dynamic  load  balancing  algo¬ 
rithms,  BIG-IP  has  flexible  rules  as  well  as  applica¬ 
tion  and  server  health  monitoring  capabilities 
to  intelligently  direct  traffic  to  the  optimal 
individual  server  at  any  given 
point  in  time.  BIG-IP  also  has 
extensive  failover  capabilities, 
enabling  it  to  redirect  traffic 
around  failed  servers  or  applica¬ 
tions  and  to  ensure  that  a  down 
server  or  application  doesn't 
affect  the  user  experience.  In  short, 
BIG-IP  increases  overall  server  avail¬ 
ability  and  scalability,  as  well  as 
performance. 

BIG-IP  software  also  helps 
address  the  number  one  concern 
for  many  enterprises  these  days  - 
security.  For  starters,  BIG-IP  can 
offload  the  encryption  and 
decryption  of  SSL  traffic  from  indi¬ 
vidual  servers.  That  saves  process¬ 
ing  power  on  the  individual  Web 
servers  that  no  longer  have  to 
process  SSL  requests.  It  also 
enables  the  enterprise  to  save 


money  on  SSL  certificates — which  cost  an  aver¬ 
age  of  $1,000  apiece — because  they  need  only 
one  for  the  BIG-IP  implementation  instead  of 
individual  certificates  for  each  server  that  handles 
SSL-enabled  applications. 

Other  features  built  into  BIG-IP,  such  as  its 
Universal  Inspection  Engine,  enable  the  software 
to  look  for  viruses,  malformed  payloads  and  other 
potentially  dangerous  types  of  traffic.  BIG-IP  also 
protects  against  denial  of  service  (DOS)  attacks 
with  its  SYN  Check  feature,  which  proxies  Layer  4 
and  Layer  7  connections  until  they  are  authenti¬ 
cated.  In  other  words,  BIG-IP  lets  the  good  traffic 
through  and  keeps  the  bad  traffic  out. 

RETURNING  TO  ITS  ROOTS 

In  many  respects,  BIG-IP  Blade  Controller 
represents  a  return  to  F5's  origins.  While  the 
company  has  always  focused  on  producing  soft¬ 
ware  that  improves  application  performance, 
availability,  reliability  and  security,  it  originally 
married  its  software  with  high-performance 
hardware  platforms,  delivering  its  products 
in  an  appliance  format.  The  strategy  proved 
effective,  earning  F5  high  marks  from  its 
customers  as  well  as  the  analyst  community. 

"We  still  consider  F5  to  be  the  thought 
leader  in  the  market.  It  continues  to  add  to  a 
broad  product  offering  and  includes  a  dizzying 
group  of  features,  some  of  which  competitive 
vendors  have  built  entire  product  offerings 
around,"  reports  Gartner,  Inc.  in  its  November 
2002  "Web  Optimization  Magic  Quadrant" 
report,  which  positions  F5  as  the  market  leader. 
"We  are  also  seeing  the  fruits  of  F5's  iControl 
strategy.  Tangible  examples  of  partner  and 
end-user  integration  of  iControl's  functionality 
are  emerging." 

The  market  research  firm  ZapThink  LLC, 
based  in  Waltham,  Mass.,  likewise  has  words 
of  praise  for  BIG-IP,  iControl  and  3-DNS  in  its 
May  2003  report,  "Optimizing  Web  Services  in 
the  Enterprise."  "F5  Networks'  products  tran¬ 
scend  the  current  understanding  of  what  a 
network  device  does  and  its  role  in  the  enter¬ 
prise  architecture,"  the  report  says.  "F5  is 
facilitating  the  optimization  of  Web  services 
in  the  enterprise  and  helping  to  make  the 
secure,  efficient  and  reliable  integration  of 
systems  a  reality." 




Learn  more  about  F5’s  BIG-IP  Blade  Controller  and  the  rest  of  the  F5  product  family. 

Go  to:  www.f5.com/nwwbc 

The stage is set for delivery of on-demand’s grand promises:
more efficient and flexible use of IT hardware and software.

■  BY  JENNIFER  MEARS 

From the beginning, IT executives at Boscov’s department store have
had a mainframe bias. Today, as they think about evolving this
family-owned retail chain’s data center into a more flexible,
business-driven computing resource, little has changed: They consider
the mainframe more important than ever.

That  might  come  as  a  surprise  to  those  IT  executives  who  consider  the  main¬ 
frame  a  dinosaur.  But  when  considering  which  core  computing  platforms  are 
best  suited  to  support  the  new  data  center,  twists  on  the  old  become  newly 
viable  options. 

“The mainframe will stay, but its role will be substantially different from what it is
today,” says Joe Poole, technical director for Boscov’s in Reading, Pa. Mainframe
workloads will transition from the traditional batch jobs into a more fluid
environment. For instance, Boscov’s is merging Linux and the mainframe. The company
deployed Linux on its IBM z900 mainframe in 2001 and began turning processes
previously run on Windows NT servers into Linux instances. It has consolidated
about 40 of about 70 NT servers onto the mainframe. By using middleware such as
IBM’s MQSeries, transactions can flow from machine to machine, he says.

Letting business processes flow, regardless of hardware and operating system, is
behind lofty vendor strategies for pooling computer resources that grow and
shrink in response to demand. System vendors are busy promoting their
on-demand programs — HP with its Adaptive Enterprise, IBM with eBusiness on
Demand and Sun with N1 — but analysts say the concept won’t be reality for many
years. As a result, users today should focus on establishing the core
computing platforms that will lay the foundation for that eventuality.

For Boscov’s part, it is considering buying mainframe capacity on
demand from IBM and virtualizing Windows servers. These kinds
of technologies would reduce management headaches
while assuring that communication among all servers and
the mainframe continues and that infrastructure is used
efficiently. Poole needs to ensure this because Boscov’s
expects the number of transactions to jump significantly as
it brings technologies such as radio frequency
identification and wireless to its 39 stores.

Little by little

Beyond open source operating systems, IT executives
have numerous other core computing options for moving
from the status quo to a new data center that is easier
to manage and that can support services-oriented
and Web-enabled applications. These include industry-standard
64-bit server platforms, server clusters, blade
servers, grid computing and server virtualization.

Analysts and other industry observers suggest that
IT executives attack such decisions one at a time,
rolling out pilot projects to see what works where
and then figuring out how componentized portions
of the data center can work together as an integrated whole.

“You have to make this process decision tree that says, for example, ‘Am I
going to move away from [symmetric multiprocessing] to scale out, and, if
so, where does Linux or clustering fit in, and where do some of the database
capabilities running on a clustered environment fit in?’” says Vernon Turner,
group vice president for global enterprise server solutions at IDC. “So you’re
starting to break down your data center into the smallest manageable
components. That’s important because in the utility environment you have to be
able to bill out in as small increments as possible.”

IT  executives  at  financial  publishing  firm  Bowne  &  Co.  knew  they  needed 
to  address  server  inefficiencies.  But  they  decided  to  start  fixing  the  problem 
one  application  at  a  time. 

The  company  had  built  up  enough  capacity  to  handle  spikes  in  demand 
from  the  printing  of  quarterly  and  annual  financial  statements,  but  that  left 
the  servers  underutilized  for  most  of  the  year. 

The publisher considered bringing in blade servers, but after carefully
analyzing application demands and infrastructure capabilities, determined
that a grid architecture likely would be a better choice, says Ruth
Harenchar, CIO at Bowne. And so the New York company decided to deploy a
grid, starting small.

Working  with  IBM  and  grid  software  maker  DataSynapse,  Bowne  figured 
out  that  the  statement-processing  portion  of  its  proprietary  typesetting 
application  would  work  best  in  a  grid  environment.  It  then  determined 
which  servers  to  use  for  the  grid,  based  on  application  load  and  utilization. 
“We had to find servers that had a similar configuration, the same operating
system — in our opinion, we needed to have a minimal number of
variables with the grid to work with in a pilot,” Harenchar says.

Since migrating that application from a Dell Power Edge 1150 to a grid of
two Power Edge 2650 servers, processing time has dropped by 50%, she says.
Next Bowne plans to spread the application across a grid of 10 servers,
reducing processing time by another 40%, she adds.

Before the grid, the statement processing application was running on a
server at a very low utilization rate and when traffic spiked, performance
took a hit. Harenchar says she is quite happy with the performance
improvements from the grid and the ability to get more efficient use of her hardware.
She plans to expand the use of grid technology within her data center.

Harenchar attributes Bowne’s success with the grid to a clear
understanding of what it was trying to achieve. “Having set out our criteria and our
objectives, we were able to pick the right application and the right servers,
and things went quite smoothly,” she says.

Standards-based  approach 

When it comes to the choice between platforms, such as grid
computing vs. blade servers, some analysts say integration and flexibility issues
could cause a company to hold off deploying the tiny servers.

A lack of standards in chassis design that locks buyers into a specific
vendor’s products, plus huge power demands of the compact blades can be
troublesome, they say. This lack of standards stands in the way of achieving
a truly adaptive infrastructure, but interoperability efforts are underway.

In December a new Distributed Management Task Force group, led by
Dell, HP, IBM and Intel, began studying ways to manage heterogeneous
servers, regardless of platform. This server management working group
plans to deliver its first specifications by the beginning of July.

Standardization is one of the reasons why First Trust, an independent
trust company in Denver, scrapped its 32-bit IBM Unix boxes and moved
a transaction-processing database onto Itanium-based servers from HP,
says Jeff Knight, the firm’s vice president of technology and vendor
relations. Use of standards-based 64-bit systems, which handle more memory
and processing on each chip, has let First Trust improve performance and
save on licensing costs.

It also has enabled the streamlining of data center operations. “It’s given us
a common architecture in development, testing and deployment,” he says.
“The fact that it’s an industry standard product — the architecture is
industry standard, the way the software is moving is industry standard — it really
allows us to have a more cohesive data center instead of having to have a
specialty product for this business and a specialty product for that business.”

But  Knight  cautions  peers  not  to  jump  on  new  data  center  technologies 
before  they’re  proven  well  enough.  “While  you  always  want  to  lead  with 
ability  to  deliver  great  services,”  he  says, “you  want  to  make  sure  that  there 
is  going  to  be  a  world  around  you  that  can  help  you  get  there  and  then 
help  you  maintain  it  once  you  do  get  there.”  ■ 


By  the  numbers 

IT executives will embrace core new data center
technologies in the next few years


Virtualization. 

Companies  that  don't  use  server  virtualization  technologies  will  spend 
25%  more  annually  for  hardware,  software,  labor  and  space  for  Intel 
servers  and  15%  more  for  RISC  servers  by  2008,  Gartner  says. 

Blades. 

41,000 blades were sold in the second quarter of 2003, accounting
for just 3% of the overall server market, The Yankee Group says. By
2007, more than 2 million blades will be purchased, accounting
for more than a quarter of all servers sold, Yankee says.

Consolidation. 

Worldwide  customer  revenue  for  server  consolidation  will  grow 
from  $5.2  billion  in  2003  to  $8.5  billion  in  2006,  with  the  bulk  of 
consolidation  happening  with  Unix  servers,  IDC  says. 


Consolidation:

The necessary first step

One  expert  shares  advice  on 
migrating  to  a  new  data  center 
architecture. 

When it comes to evaluating your approach
to the new data center architecture, think
in terms of consolidation, says Johna Till
Johnson, president and chief research
officer at Nemertes Research, and keynote
speaker for Network World’s New Data
Center Technology Tour.

Since the late 1990s, IT organizations have cut the number of data
centers — down from “dozens and dozens and dozens” in some
cases — and moved resources into centralized locations. "Our
networking  capabilities  got  enormously  good,  so  the  cost  of  linking 
users  to  data  centers  dropped  dramatically,"  says  Johnson,  adding 
that  some  big  organizations  scrapped  hundreds  of  thousands  of 
server  locations  to  run  their  businesses  with  just  a  handful  of  data 
centers. 

"So  the  problem  then  becomes  you’ve  gone  from  having  computing 
resources  sort  of  scattered  across  the  universe  to  putting  them  all 
in a room together,” she says. “And you say, ‘Gee, is there some
way I can do this more efficiently?’”

Enter  the  new  data  center,  a  way  for  companies  not  only  to  reduce 
the  number  of  discrete  IT  elements  they  have  to  manage,  but  also 
to  create  a  consistent  framework  to  hold  all  these  resources  together. 

“When a server was living out in somebody’s departmental office,
deciding things such as what operating system to run were local
decisions because it depended on who had expertise for what
[operating system]. Now it’s part of a much bigger picture,” Johnson
says. “In a nutshell, this is underlying the new data center: These
decisions are slowly transitioning from being highly distributed,
highly local to being very centralized and made in the context of the
ultimate goal of the organization.”

But  don't  assume  that  this  consolidation  trend  is  just  a  rearrangement 
of  old  technology  for  incremental  improvements  in  manageability 
and  everything  else,  she  says.  "Data  center  consolidation  sounds 
like  I  just  pick  up  this  box  from  Missouri  and  this  box  from  Illinois 
and  I  move  them  to  Ohio.  But  it’s  not.  It's  a  necessary  first  step  to 
a  massive  redesign,  re-architecture  and  redefinition  of  the  data 
center.  If  you  have  blinders  on  and  only  think  about  moving  boxes 
and  doing  an  incremental  refresh  on  your  operating  system,  you’re 
going  to  miss  the  bigger  picture." 

—  Jennifer  Mears 

Join our Data Centers Technology Tour, coming to a city near you in March, and hear what
else Johnson has to say about the new data center. www.nwfusion.com, DocFinder: 9721
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The  Keys  to  SAN  Performance  &  Uptime: 

Active  Monitoring  and  Rapid  Problem  Resolution


It’s  the  end  of  the  quarter  and  positive  earnings  announcements  from 
several  corporations  trigger  a  flurry  of  stock  trading.  Brokers  at  a  financial 
services  firm  watch  in  dismay  as  customer  records  and  trading  transactions 
crawl  across  their  PC  screens  then  freeze. 


For managers of storage area networks (SANs),
this scenario is playing out all too frequently. In a
survey of over 100 IT professionals conducted by
Ashton, Metzler & Associates, seventy percent of
respondents said that SAN slowdowns affect their
applications once a month, with a quarter of the
respondents suffering from SAN slowdown once a
week. Fully half of those surveyed admitted they
don’t know what causes these “brownouts.”

What they do know is that network downtime
is costly. And going up, according to analysts at
RBC Capital Markets who estimate the average
company loses $100,000 per hour of network
downtime. Some outages are more costly than
others - as much as $6.45 million/hour for
brokerage operations and $2.6 million for credit
card authorizations.

SANs  are  a  complex  system.  In  many  ways, 
they  appear  to  be  a  “black  box”  -  data  requests 
go  in  and  data  comes  out.  Understanding  what 
goes  on  inside  the  “black  box”  is  crucial  to  being 
able  to  predict  and  prevent  outages  and  to  ensuring 
reliable  data  flow.  Fortunately,  intelligent  system- 
level  monitoring  tools  are  available  that  can  give  IT 
managers  the  operational  insight  they  need  to 
increase  SAN  uptime  and  deliver  consistent  SAN 
performance. 

By  improving  SAN  performance  and  reliability, 
monitoring  tools  can  help  organizations  more 
quickly  realize  a  return  on  their  SAN  investment. 


[Figure: Monthly labor costs of outages. Categories: remote fixed, core network, remote mobile.
Source: Nemertes Research, "Maximizing your WAN: Bandwidth Trends and Benchmarks," February 2004.
(Independent research not affiliated with advertisement)]


Likewise,  the  right  tools  can  help  organizations 
lower  the  total  cost  of  SAN  ownership  and  reduce 
service  level  costs  by  allowing  IT  to  identify  potential 
problems  before  they  escalate  and  quickly  resolve 
any  problems  that  do  arise. 

As complex systems, SANs require system-level
management tools that operate across equipment
from multiple vendors. Vendor-specific management
packages are useful for discovering and configuring
individual storage devices, and typically provide
device performance data. However, IT can't
understand the SAN’s overall behavior by
collecting basic performance metrics from the mix of
heterogeneous components in the data path.
They need a richer set of statistics correlated
system-wide. They need a way to track
application performance across the entire SAN fabric.

Intelligent system-level monitoring tools such as
Finisar’s NetWisdom can provide this type of
insight into a SAN's operation. NetWisdom gives
managers a consolidated view of network traffic
across the entire SAN fabric and accurately
measures application response times and latencies.
By collecting detailed SAN statistics, NetWisdom
can help administrators quickly benchmark a
SAN’s performance level and measure ongoing
service levels against it as the network and
applications grow.

Administrators can use this information to
pro-actively detect problems or device degradation
before a major problem develops. Using
NetWisdom, a SAN administrator could easily
spot a bad host bus adapter, failing disk
drive, overloaded links, etc. These types of
problems lead to performance bottlenecks that
can easily accumulate to create a brownout or a
train wreck. Likewise, by being able to quickly
identify SAN-related vs. application-related
problems, IT can eliminate finger-pointing, leading
to faster problem resolution and increased SAN
reliability.

SAN  administrators  can  also  use  the  statistics 
collected  by  a  monitor  for  trend  analysis.  By  better 
understanding  their  traffic  patterns,  bandwidth 
utilization,  and  congestion  points,  SAN  managers 
can  more  effectively  deploy  resources  as  well  as 
plan  for  future  expansion.  System-level  monitoring 
tools  also  make  it  possible  for  IT  managers  to 
define  -  and  deliver  on  -  service  level  agreements. 
Tools  such  as  NetWisdom  provide  accurate 
accounting  of  SAN  response  times  and  bandwidth 
utilization,  making  it  possible  to  track  service  levels. 




In conjunction with monitoring tools, intelligent
analysis tools make it possible to rapidly and
accurately diagnose problems that might arise. Too
often, SAN administrators resort to swapping out
components they suspect are causing a problem,
a time-consuming process that can introduce new
problems. Tools such as Finisar's Xgig Analyzer let
IT quickly pinpoint a problem and keep the SAN
running smoothly.

Xgig Analyzer includes expert software that
automates the trace analysis process and quickly
identifies and addresses trouble events, including
protocol violations, interoperability problems,
performance issues, and errant behaviors. Quickly
solving network problems translates into savings,
both by increasing network uptime and reducing
the time (and therefore the cost) needed for
troubleshooting.

Clearly, SANs don’t have to be a “black box.”
With the right monitoring and analysis tools,
organizations can significantly increase SAN reliability
and uptime, deliver promised service levels, and
plan for future growth. By reducing brownouts and
outages, organizations can realize the full benefits
of their SAN along with a rapid return on their
investment and lower total cost of ownership.


Sponsored by Finisar

The  ultimate  in  SAN  LAN  Performance  Tools 


For  more  information  visit  Finisar  at  www.finisar.com 
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Faster  than  the  speed  of  change. 


Be  nimble.  Be  quick.  HP  Integrity  Servers  are  capable  of  executing  one  million 
transactions  per  minute  and  built  to  run  multiple  operating  systems  simultaneously. 
Supported  by  Intel®  Itanium®  2  technology,  Integrity  is  the  most  powerful  line  of 
industry-standard  servers  available  today.  Providing  you  with  the  computing 
power  to  adapt,  evolve  and  change  faster  than  anyone,  anywhere,  at  any  time. 
www.hp.com/info/integrity 
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A  smarter,  more  robust  infrastructure 
once  disparate  network,  computing  and  storage 
resources  into  a  unified  system. 




BY PHIL HOCHMUTH
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As the song goes, “you gotta have heart.” But a
strong ticker is no good without healthy
veins and arteries. None of that will do
much good without some brains.

The same is true for the new corporate data center: Advanced
computing power at the heart of a company can be wasted if network bandwidth,
intelligence and traffic control are not optimized. A brainier infrastructure
can make networks, data centers and storage act as a unified system, and
allow information to travel more efficiently for on-demand applications.

Cisco CEO John Chambers recently painted a picture of this future:
“Networking opens up many opportunities in the data center, where devices will
tie together in ways they haven’t before,” he said at a December analyst
conference. He described how networks would be tightly integrated with
computing resources with the goal of making transparent where storage, servers
and data applications reside. “That is tailor-made for networking,” he said.

Arriving at this networking transparency will take technologies such as
Multi-protocol Label Switching (MPLS), intelligent traffic management
and acceleration, and the integration of storage-area networks (SAN) and
LANs. And the ever-growing need for bandwidth within data centers,
coupled with falling Gigabit prices, will drive an uptake in 10G Ethernet as the
backbone technology of choice, says Jay Pultz, a research vice president
at Gartner. Big bandwidth never goes out of style, he adds.

Certainly researchers at Lawrence Livermore National Laboratory (LLNL),
a lab run by the University of California and the Department of Energy in
Livermore, Calif., agree. As LLNL migrates from monolithic supercomputing
platforms with large symmetric multiprocessing machines to clusters of
commodity-based servers in its data center, it has found network upgrades
necessary as well. Deploying large server clusters, each with 1G bit/sec network
connections, has pushed the lab to use Cisco 10G Ethernet switches as the
core backbone technology, says Dave Wiltzius, network division leader at
LLNL.

Additionally,  the  lab  is  testing  10G  server  adapters  and  hopes  to  have 
some  server  clusters  running  at  10G  soon,  he  says.  (The  hundreds  of  two- 
and  four-way  clusters  of  Intel/Linux  boxes  are  proving  to  be  as  powerful 
as  and  less  costly  than  traditional  supercomputing  machines.) 

Other network topology changes will come in the distribution layer,
consisting of server connections and switches that aggregate LAN traffic
at the network’s edge. The ability to plug desktop switches and servers
directly into the 10G core will give LLNL cost and operational advantages,
Wiltzius says. “It could help us optimize [the distribution layer] of the
network and get rid of different types of bottlenecks,” he says.

Along with this new data center architecture, Wiltzius and his staff are
looking to make the network a more virtually configurable asset. For this,
LLNL has tapped MPLS, a Layer 3 quality-of-service standard that lets
packets be tagged, routed and shaped as individual flows across an IP
network. MPLS, which LLNL is turning on now in its core switches, will let the
lab more easily slice up, prioritize and secure the torrents of traffic
running across the 10G backbone. MPLS also will let LLNL create miniature

Blade  servers: 

taking  on  network  functions? 

The  blade  server  chassis,  which  houses  a  dense  cluster  of  modular 
servers  that  can  be  managed  and  deployed  virtually,  is  the  next 
big  battleground  in  the  data  center  optimization  war —  especially 
on  the  network  infrastructure  front,  industry  watchers  say. 

"Potentially,  blade  servers  are  a  phenomenally  disruptive  force  in 
this  industry,”  says  Frank  Dzubeck,  president  of  consulting  firm 
Communications  Network  Architects.  As  servers  are  consolidated 
into  these  chassis,  more  network  services  will  go  into  them,  he 
says.  "Who’s  to  say  you  can't  put  a  router  or  load-balancing  blade 
in  this  [blade  server  chassis]  and  suddenly  make  it  a  [Layer  3/Layer 
4]  data  center  in  a  box?” 

These  developments  could  cause  a  clash  between  blade  server 
vendors,  such  as  Dell,  HP,  IBM  and  Sun,  and  traditional  network 
vendors  such  as  Cisco,  he  adds.  "Cisco  talks  about  putting  things 
that  used  to  run  on  servers  into  the  network,”  Dzubeck  says.  “Then 
you’ve  got  the  blade  server  makers  thinking  about  putting  more 
functionality  into  their  chassis.” 

Some vendors already are anticipating the blade server movement.
Nortel offers a Layer 2 to Layer 7 switch module aimed at increasing
load-balancing and traffic management capabilities among nodes
in IBM’s Blade Center and HP's ProLiant Blade Server chassis.
F5 Networks has server load-balancing blade modules compatible
with leading blade server chassis. The expectation for enterprise
users of such integration should be cost savings and the ability
to leverage enhanced services, says Pat Patterson, a marketing
director with Nortel.

Blades  are  on  ShopNBC.com's  data  center  watch  list,  says  Steven 
Craig,  vice  president  of  interactive  technology  at  the  Minneapolis 
company. 

"We  will  look  at  blades  as  an  option  soon  because  some  interesting 
games  can  be  played  there,”  Craig  says.  "Situations  where  you 
can  have  an  [operating  system]  that  spans  multiple  blades  are 
interesting.” 

—  Phil  Hochmuth 


labs and data centers virtually and on the fly, using the giant pool of
bandwidth in the network core.

“We have this big bandwidth that is very useful, but we’d like to carve it up
to address internal security and privacy needs with [service-level
agreement]-type of agreements between different users,” Wiltzius says, noting that
MPLS deployment will take place throughout this year. Because MPLS is
used at the core of the Internet, which runs at 10G, the use of the
technology on the lab’s private 10G infrastructure should be a good fit, he adds.
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From  data  center  to  data  edge 

While big bandwidth might never go out of style, sometimes it isn’t
appropriate. For ShopNBC.com, another user pushing data center intelligence
onto the network, Web acceleration and caching were optimum technology
choices. In its data center, ShopNBC.com maintains dozens of
Windows-based Web servers for selling merchandise tied to NBC programming such
as the Olympics, popular shows like “Friends” and other broadcasts. “We’re
interested in taking [applications and data] that once had to be fetched
from a server [in the data center] and pushing them onto the network and
closer to the edge,” says Steven Craig, vice president of interactive
technology at the Minneapolis company.

Web acceleration and caching appliances from NetScaler let
ShopNBC.com do this. “We can take assets that are highly static, like the
navigation bar on ShopNBC.com that only change one to two times a year, and
put them on network platforms like NetScaler,” Craig says.

By  having  the  cache/acceleration  appliance  deliver  static  content, 
ShopNBC.com  doesn’t  have  to  “throw  more  servers”  into  its  data  center  to 
accommodate  peak  shopping  times  of  the  year  or  during  NBC  promotions 
that  drive  up  traffic. “What  you  want  to  avoid  are  round  trips  to  a  database 
server”  that  focuses  on  delivering  dynamic  content,  Craig  says. 

ShopNBC.com also uses the NetScaler appliance to accelerate Secure
Sockets Layer (SSL) encryption. By handling SSL encryption of data center
traffic in the network rather than at each server, ShopNBC.com reduces the
strain on Web server processing in the data center and saves on SSL license
fees. Those amount to $1,000 per data center node, Craig says. “Instead of
buying several dozen SSL licenses, I now buy one a year and put it on the
NetScaler,” he says.

While  Web  and  traditional  network  technologies  are  coming  together  at 
ShopNBC.com,  migrating  to  a  new  data  center  at  Massachusetts  General 
Hospital  (MGH)  has  brought  about  the  merger  of  storage  and  the  network 
infrastructure. 

The radiology department at MGH, part of Partners Healthcare Group in
Boston, has seen storage needs balloon since it installed a filmless imaging
system two years ago. Now all X-rays, magnetic
resonance imaging and computerized axial
tomography scans are produced and stored digitally. At
450 exams a year, without compression, this
equates to 18T bytes of data storage a year, says Tom
Schultz, chief engineer for medical imaging at the
hospital. “And that’s not even including any reports
and documentation associated with the image
files,” he says.

The hospital uses a cluster of Digital Linear Tape (DLT) drives to archive
its digital pictures of broken bones and body scans. But this makes
retrieving and working with images hard for doctors. “If you have a doctor sitting
in front of a monitor who wants to go offline [to view a tape-stored image],
he or she has to wait 2 to 6 minutes for the image to be available,” Schultz
says, explaining that the DLT drives cannot be mounted as quickly as files
stored on a hard disk. Over a day this affects the amount of time a doctor
has for patients.

So MGH is working with its image system vendor to incorporate more
traffic load balancing into the image archiving workflow, Schultz says. Scanned
images enter the Phillips Picture Archive Communication System through
gateways on a first-come, first-served basis. The gateways are Sun servers
running software that processes and routes images and their associated files,
called “studies,” into a database and the tape storage archive. MGH expects
to improve performance by load balancing among the nine gateways. “We’d
like to have it so that all data doesn’t go down one single pipe,” Schultz says.
This would let the gateways operate under one virtual IP address, and load
balance the jobs among the machines.

Additionally, MGH is evaluating a live “spinning-disk” archive system from
start-up ExaGrid that would let it store images on an array of commodity
disks that can sit anywhere on an IP network. The disks could be managed
as logical storage volumes, movable and reconfigurable virtually. The
ExaGrid system could keep studies in a semi-archived state so they could be
recalled quickly, Schultz says. In addition, because the disks could be
anywhere on the network, MGH could replicate data stores over a WAN.

“We’re  hoping  that  with  ExaGrid,  we’ll  get  one  place  to  dump  images,” 
Schultz  says.  “Behind  the  scenes,  it  will  allow  us  to  swap  in  [network- 
attached  storage]  devices  and  let  us  grow  with  no  headaches.”  Schultz 
says  the  hospital  will  decide  on  whether  to  install  the  ExaGrid  system  in 
the  first  quarter  of  this  year. 

Clearly data center networking is way past the stage of simply
connecting servers and hubs together. As companies change their views of
the data center from “computer room” to “strategic
corporate asset,” the importance of data center
optimization will rise. And varied as they are, the
decisions being made at companies such as LLNL,
ShopNBC.com and MGH will become increasingly
common. If strong new data centers are at the
heart of corporations, a smart network
infrastructure is a must. ■


More  online! 

Join  us  online  for  a  free,  on- 
demand  Webcast  called  The  New 
Data  Center:  A  quiet  revolution 
in  the  making.
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You Need Belden’s New DataTwist 600e —

The  Only  Network  Cable  That  Guarantees  Performance  Beyond  Category  6  Standards. 


Suddenly, as quickly as Category 6 cable performance standards have been adopted, Belden
has made them obsolete. DataTwist 600e UTP networking cable was developed not only to meet
Category 6 standards, but also to provide significant amounts of headroom above and beyond
them — guaranteed. It’s the industry’s only UTP cable with guaranteed performance to 600 MHz.

The secret? Belden’s unique, patented Bonded-Pair technology that ensures uniform
conductor-to-conductor spacing to eliminate performance-robbing gaps between pairs... coupled with
the patented e-Spline design that provides consistent pair-to-pair spacing
by placing pairs in individual chambers.

The  result: 

•  8  dB  of  Power  Sum  NEXT  headroom  over  Category  6  —  guaranteed. 

•  Nearly  5  dB  of  return  loss  improvement  over  Category  6 
at  100  MHz  —  guaranteed. 

•  An  attenuation  margin  over  Category  6  standards  —  guaranteed 

•  Positive  Power  Sum  ACR  to  460  MHz  —  guaranteed. 

All  of  which  means  better  and  faster  performance  for  you. 

For  more  information  call  1-800-BELDEN-4  to  get  your 
FREE  copy  of  the  DataTwist  600e  New  Product  Bulletin. 

www.belden.com/networking 
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was  to  provide  more  widespread  access  to  business-critical 
enterprise  applications  without  increasing  the  administrative 
burden  on  the  IT  department.  Before  that  goal  would  be  realized,  however, 
Santa  Clara  University  (SCU)  got  a  lesson  in  what  can  go  wrong  with
Web-based  applications  and,  more  importantly,  how  to  remedy  the  problems. 


In  July  of  2002,  SCU  made  the  move  to 
PeopleSoft  8,  the  Web-enabled  version  of  the 
popular  application  suite.  The  school  uses 
PeopleSoft  to  support  human  resources,  financial 
and  student  administration  applications,  including 
admissions,  financial  aid  and  course  registration 
programs,  says  Ron  Danielson,  chief  information 
officer  for  SCU,  an  8,000-student  university  in 
Santa  Clara,  Calif. 

“As much as we possibly can, it’s our intention
to push access to administrative information out
to students, faculty and staff,” Danielson says. With
the previous version of PeopleSoft, that was a
challenge because it required client software on each
user’s desktop. “With the Web front end, anybody
with a browser can come in and get access.”

Access they did, so much so that the university’s
application servers were overloaded and
performance was much slower than with the previous
version. “We were one of the first half-dozen
universities in the country to upgrade to
PeopleSoft’s new Web-based product, and we
thought we’d spec’d out our network and
equipment adequately to meet our performance
needs,” he says. “But we weren’t even close.”


SCU’S  REDLINE  BENEFITS 
AT  A  GLANCE: 


■  Bandwidth  reduction:  E|X  3250  reduces 
bandwidth  requirements  by  up  to  10M  bit/sec, 
saving  SCU  at  least  $48,000  per  year. 

■ Increases server capacity: Offloads connection
management, I/O and SSL processing,
essentially cutting server loads in half.

■  Reduces  number  of  network  components: 
Reduces  the  amount  of  data  traffic,  enabling 
network  components  such  as  firewalls  to 
handle  more  load. 


IN  SEARCH  OF  A  FIX 

Initially,  Danielson  and  his  staff  tried  throwing 
more  hardware  and  software  at  the  problem. To  an 
initial  configuration  of  one  Web  server  and  one 
application  server,  they  added  three  more  Web 
servers  and  one  new  application  server.  They  also 
brought in performance management and software
tuning tools, and changed some PeopleSoft
parameters  related  to  processing  input  from  users. 

“This  brought  performance  to  an  ‘acceptable’ 
level,”  Danielson  says.  “But  now  we  had  six  servers 
instead  of  two,  and  we  were  still  spending  a  lot 
more  time  on  the  problem  than  we  would  have 
liked.” 

In  the  fall  of  2002,  the  university  learned  about 
Redline  Networks  of  Campbell,  Calif.  Redline 
makes  a  family  of  appliances  designed  to  improve 
Web-based  application  performance  by  offloading 
from  the  server  I/O  processing  and  connection 
management  chores,  while  compressing  content 
to  conserve  bandwidth. The  appliances  also  handle 
Secure  Sockets  Layer  (SSL)  processing,  thus 
serving  to  improve  security. 

LESS BANDWIDTH, MORE PERFORMANCE

In November, SCU installed one of Redline’s
E|X 3250 appliances and saw an immediate,
dramatic improvement. Bandwidth usage associated
with the PeopleSoft applications plummeted by
70%, thanks to the compression features inherent in
the E|X 3250. At the same time, because
the E|X 3250 handled connection management
chores and I/O processing, server capacity
effectively doubled.

[Figure: SCU network diagram. Labeled elements: Internet, firewall, SCU core
network, Gigabit Ethernet switch, Redline; PeopleSoft 8 Administration
(application servers, database); GroupWise Administration (GroupWise Web
Access servers, GroupWise post office database cluster, storage area network).
Callouts: Improved Throughput (saved $48,000 per year; bandwidth decreased
70%); Increased Capacity (improved PeopleSoft 8 and GroupWise performance
under peak load); Optimized Operations (redeployed web servers; extended
life of firewall).]

The magnitude of server capacity and performance
improvements hit home when one of
the university’s servers went down for more than
a week. “We didn’t even notice a change in performance,”
Danielson says. “That tells us how
much headroom the Redline box has given us
with our PeopleSoft applications.”

Like the rest of Redline’s enterprise application
processors, the E|X 3250 sits in front of
servers and receives requests from hundreds or
thousands of client browsers. It processes the
thousands of relatively slow requests as they
come in from users and shuttles them to the
appropriate servers at high speed over just a few
dozen persistent TCP connections.

“As  far  as  the  Web  servers  are  concerned, 
they  have  a  single  connection,  which  is  to  the 
Redline  box,”  Danielson  says.  The  servers  no 
longer  have  to  perform  complex  scheduling  of 
requests arriving randomly over a large number
of connections. Instead, they service each
response  as  it  arrives  and  send  information 
back  to  the  enterprise  application  processor, 
which  delivers  pages  to  the  client  browser  at 
whatever  speed  the  browser  can  efficiently 
handle. 

The E|X 3250 worked so well for SCU’s
PeopleSoft implementation that the university
soon installed an additional unit to improve the
performance of Novell GroupWise servers that
provide Web-based e-mail access. Here the E|X
3250 sits in front of four servers, performing
load balancing, connection management and
compression. For its GroupWise application, the
university also takes advantage of the E|X 3250’s
SSL offload capability, which obviates the need
for the servers to maintain large amounts of user
data, including client certificate information.
It also ensures that end users
have no direct access to the application
servers and the often-sensitive information
they contain.

Results from the GroupWise implementation
have been similar to those
for PeopleSoft: bandwidth consumption
on the university’s WAN links has
been cut in half and response time has
improved.

SAVINGS,  SAVINGS, 
SAVINGS 

The  bottom  line,  Danielson  says,  is 
that  the  Redline  appliances  enable 
SCU  to  realize  savings  in  three  areas: 
bandwidth  reduction,  increased  server 
capacity  and  extended  life  cycle  of 
other network components.

Bandwidth savings come from the
compression features of the appliance, which are
browser-aware to adaptively compress content
for each requesting user and never require specialized
client software. The features save 6M to
10M  bit/sec  of  bandwidth,  which  Danielson  says 
would  cost  the  university  an  additional  $4,000 
to  $5,000  per  month. 

In terms of server capacity, Danielson figures
he could remove two of the four servers supporting
his PeopleSoft implementation without
suffering a performance hit, although he has
opted to leave the installation as-is to allow for
anticipated growth in the number of applications
and users. Similarly, on the e-mail side,
“We probably won’t have to grow that server
farm dramatically to handle additional load,” he
says.

Just  as  the  Redline  appliances  enable  him  to 
get  more  life  out  of  his  servers,  they  do  the  same 
for  network  components  such  as  firewalls. 
“With  the  Redline  box  reducing  bandwidth 
usage,  there’s  less  for  the  firewalls  to  examine,”  so 
a  single  firewall  can  effectively  handle  more 
load. 

In  coming  months,  SCU  will  be  adding  to  its 
Redline  implementation  another  server  group 
that  supports  university  financial  applications. 

To  sum  up,  Danielson  says,  “This  box  delivers 
on  all  its  claims.” 


Learn  More  About  Network  Effects  on  Web-Enabled  Applications 


This  informative  webcast  is  featured  at 


http://www.nwfusion.com/go/CNDC 

In  addition  you  will  find  white  papers,  case  studies  and  analyst  reports 
to  help  your  team  implement  your  New  Data  Center  initiatives. 


Sponsored  By 


REDLINE 

NETWORKS 


S22  New  Data  Center  an  owners  handbook 

EDITORIAL SUPPLEMENT NETWORK WORLD > WWW.NWFUSION.COM/SUPP/2004/NDCl 236.04




BY  ANN  BEDNARZ 


Not every effort at standardization
catches on
— more than a century
of lobbying has done little to spur
metric system adoption in the U.S.,
for example. But sometimes conditions
are ripe for new ideas.

In the world of business applications, standards-based
efforts are gaining momentum. Web
services implementations are growing as users
migrate to the middleware that enables and simplifies
Web application-to-application connectivity.
In addition, users are warming to the idea of a
service-oriented architecture (SOA) to connect
applications across a network in a way that fosters
code sharing and reuse.

The  technologies  have  a  symbiotic  relationship: 
Web  services  can  be  deployed  in  an  SOA. 
Together  they  constitute  the  next  incarnation  of 
enterprise  applications,  which  experts  say  will  act 
as  loosely  coupled,  modular  network  services 
that developers can link to create complex business
processes without much custom coding.

The move to a less brittle, more flexible distributed
application model complements similar
efforts to distribute server and network resources
in data centers. “The common theme is virtualization,”
says Jason Bloomberg, a senior analyst at
ZapThink. “Storage virtualization handles storage,
grid computing virtualizes processor power. A services-oriented
architecture essentially virtualizes
software application functionality.”

Returning  to  favor 

The current SOA buzz isn’t indicative of a new
technology but rather the next iteration of an old
concept. Earlier attempts at popularizing SOAs —
such as Common Object Request Broker Architecture
— were hindered by a lack of standard
middleware and APIs. Web services might be the
missing link that brings SOAs mainstream,
observers say. “The reality is this might be the right
time for us to be thinking about loosely coupled
distributed computing, in part because of the
movement to do it based on standards as
opposed to proprietary integration technologies,”
says Ron Schmelzer, another ZapThink senior analyst.
“At the same time, there’s enough infrastructure
in the IT environment — application servers
and whatnot — that we can actually afford to implement
Web services and SOAs without having
to build a Big Bang kind of project.”

Additionally, as companies tackle new data center
initiatives aimed at maximizing use of IT resources,
they have to consider how these distributed
computing projects mesh with applications.
For example, from an application perspective,
technologies such as grid computing depend on
having location-independent services, Schmelzer
says. “The system won’t work if it requires that one
application, running on one server, be available.
Services have to be distributed, and the only way
to make that work in a grid capacity is to implement
an SOA.”

An  SOA  doesn’t  replace  existing  infrastructure, 
Schmelzer  says.  Rather,  it  serves  as  a  layer  on  top 
of application servers and databases in multitiered
or client-server architectures, he says.
“SOAs  provide  networked,  location-independent 
services  that  are  themselves  just  interfaces  to 
other  systems.” 

Neither do SOAs require application overhauls,
says Scott Cosby, manager of WebSphere Business
Integration at IBM. SOAs aren’t about changing
applications, but about providing an interface
into an application so certain functionality
can be exposed. For example, a company
might expose the employee verification function
in a human resources application as a Web service.
Other applications then can make use of
that service via an SOA.

The  allure  of  Web  services  and  SOA  was  strong 
enough for Wall Street Access to replace a 3-year-old
Microsoft C++ platform that was too monolithic,
says Peter Underwood, vice president of
software  development  at  the  New  York  brokerage 
firm.  Built  with  kind  of  a  black-box  approach,  the 
platform  had  no  API  to  get  to.  As  a  result,  the  firm 
wasn’t  able  to  easily  expose  necessary  steps  in 
executing  a  trade  to  customers,  partners  and 
traders,  he  says. 

Wall  Street  Access  built  a  new  services-based 
trading  system,  called  AccessPoint,  using  IBM’s 
WebSphere  Application  Server  and  WebSphere 
Business Integration software. The system integrates
and aggregates stock market information
from  nearly  20  data  providers. 

“The natural shoo-in for all this stuff is Web services,”
Underwood says. “There are only a couple
of different ways to ask for account information
or purchase histories. So [we said,] ‘let’s just build
a framework in the most abstract way we can, and
then expose it to an application layer.’”

Maximizing code reuse

In a service-oriented architecture, so-called “consumer” applications find Web-enabled
services by searching a registry. For example, multiple applications could
discover and use (such as be “consumers” of) an order-processing application,
which has been made into a Web service by an interface with its native ERP
platform.

Emergency phone calls from your remote data center? No problem. With the Avocent DS Series,
you can access and control any data center device, right from your desktop. Whether it’s the
server down the hall, the router across town or the power device in another country... you can
control it all with Avocent.

Our DSView™ management software centralizes authentication for multiple users, integrates
power management, and lets you control your entire data center, all from a single screen.

Anytime. Anywhere.

The Power of Being There*

Download your free white paper at www.avocent.com or call 1-866-286-2568 for details on
how the Avocent DS Series gives you CLICK AND CONNECT™ local and remote data center
control over IP.

Now with middleware, the firm can provide
traders on the desk and customers the same service,
Underwood says. “Everybody is seeing the
exact same data in the exact same way.”

One issue the AccessPoint application has
raised is the need for addressing and enforcing
service expectations, Underwood says. One Web
page exposed to a client might require three service
calls — to a news provider, a market data
feed and an exchange, for example. If one of
those content providers is down or running slow,
AccessPoint is affected, he says. “We’ve had to get
smart in terms of writing contracts and service
level agreements because it directly impacts our
performance,” Underwood says.

Testing, too, has become an important issue
because a single code modification to an AccessPoint
interface can affect multiple networked
applications. “We’ve invested a lot more money in
testing because when we make a change under
the covers it’s far sweeping,” Underwood says.

Because  an  SOA  can  layer  on  top  of  existing 
development  technologies,  platform  vendors 
such  as  BEA  Systems,  IBM,  Microsoft  and  Sun  are 
working  to  make  it  easier  for  users  to  build  SOAs 
with  built-in  tools  and  wizards.  “But  it’s  a  shell 
game,”  Schmelzer  says.  “Complexity  doesn’t  go 
away,  it  just  goes  somewhere  else.  And  in  this  case, 
the  complexity  is  the  architecture  itself.” 

In addition, migrating to Web services and SOA
requires long-range thinking about how to build
useful services as opposed to mere APIs. A common
mistake is to underestimate how difficult it
can be to establish consistent methods of invoking
and using services.

So far, a lot of companies are opting to build
Web service interfaces simply because doing that
is easier and less expensive than using proprietary
tools such as MQ Series to link applications,
says Anne Thomas Manes, vice president and research
director at Burton Group.

“Only a small number of companies are enlightened
enough to recognize that ‘OK, I need to follow
certain design patterns when I build this particular
interface so I make sure that it’s loosely
coupled so it’s flexible, adaptable and reusable,’”
Manes says.

The  network  application  platform 

What  users  need,  but  can’t  get  today  are  APIs 
that  are  agnostic  to  operating  systems, application 
servers  and  programming  languages,  Manes  says. 
“When  you  build  something  with  .Net  or  Java, you 
wind  up  using  a  bunch  of  infrastructure  services 
that  are  built  into  the  platform. That  lets  you  build 
a  nice,  tightly  integrated  system  —  as  long  as  you 
stay  within  the  specific  platform,”  she  explains. 

Manes advocates building a network application
platform that makes low-level infrastructure
services available directly at the network layer
rather than as part of the language-specific application
platform. For example, companies should
use a network level-based security framework
rather than language-specific security services
such as Java Authentication and Authorization
Service, she says. Likewise, network-level transaction
services make sense. Otherwise users will be
forced to do complicated programming to enable
cross-platform operations, she says.

“The only way that users can actually make the
whole concept of orchestrated, composite application
systems, running in many different types of
platforms, crossing all kinds of logical and physical
boundaries, work is if they’re actually providing
all these services at the network layer,” Manes
says. “It’s a long-term objective. . . . But Web services
certainly is going to enable it.”

Along these lines, BEA recently unbundled an
application security framework from its WebLogic
platform so it can run on its own in front of application
servers from any vendor. “That’s a really interesting
tactic for BEA to take,” Manes says. Conversely,
she notes, IBM’s security framework requires
a company to use Tivoli and WebSphere.

On  the  business  applications  front,  vendors 
have  a  role  to  play  in  helping  companies  realize 
a  new  application  architecture  as  well. 

“For Web services to work, you really have to
break down big applications into discrete functional
components and make those components
available in a building block model,” Greenbaum
says. “For most vendors that means a re-architecture
of at least the interfaces to the different business
functions in their applications, if not to the
entire applications architecture itself.”

SAP, which is turning its proprietary BAPI interfaces
into more generalized XML interfaces, is a
great example, Bloomberg says.

“SAP realized that the old way of doing
things — the large number of modules that are
tightly linked to each other — has to change.
SAP is revamping [around] a service-oriented
approach.”

That said, no one expects the changes to happen
overnight.

“These guys move slowly,” Schmelzer says. When
the Web really became potent in the mid 1990s, it
took the enterprise application vendors a while
before they added Web interfaces to their products
— Siebel Systems was a client-server application
until 1998 or 1999, he points out.

“Many of the big applications vendors are beginning
to understand the ramifications, but they
have other very pressing agenda items, such as
maintaining their control over an account,” Manes
says. “That tends to be a real driving force for most
of these vendors, and they are always reluctant to
really open things up to the level that the customer
wants.” They’re all talking about it, but it will
be a long process, she says.

When more open business applications platforms
do exist, they will propel the development
of new applications designed with the assumption
that standard business information embedded
in core ERP systems is readily available, says
Greenbaum, pointing to Rubicon Group’s demand
forecasting software, which helps companies
match product availability and price to market
demand.

“That’s an application that takes for granted the
fact that there are demand numbers available
from a company’s supply chain management system,
from its ERP system, from its sales force and
from its distributors,” Greenbaum says. “The software
vendors know that information is out there
and increasingly are going to use Web services to
grab that stuff and provide a layer of functionality
on top.”


Designing  for  networks 

Rob  Gingell,  a  Sun  executive,  shares  his  thoughts  on  the 
evolution  of  application  development. 

Adopting  a  new  application  architecture  model  will  require  more  work 
than  companies  are  used  to,  says  Rob  Gingell,  vice  president  and  chief 
engineer  at  Sun. 

A  lot  of  what  companies  have  done  to  their  applications  since  1995,  when 
the  Internet  started  to  be  a  significant  business  factor,  can  be  characterized 
as  "a  real  effort  at  trying  to  do  as  much  as  they  can  by  doing  as  little  as 
they  can  get  away  with,”  Gingell  says. 

Most applications that worked through the end of the 1990s were actually
traditional applications wrapped in networking, he says.
“I don't think people have written very many real network applications yet, in terms of really rethinking
what an application has to be for it to work in a network operating environment vs. the environment
provided by a traditional operating system,” he says.

But that has to change if companies want to enjoy the benefits of technologies such as Web
services. “There’s a limit to how much you can corrupt an existing application to make it live in an
environment that it wasn’t designed for,” Gingell says. “We’ve basically been resisting networking
for 18, going on 20 years. We’re finally getting to the point where people are starting to rethink some
of these old applications.”

Rethinking applications means no longer screening network complexity from software developers,
Gingell says.

“We've let operating systems people do too much of the networking, and application writers have
become dependent on the mothering provided by the operating system people,” he says. Such
mothering resulted in things such as remote procedure calls — a feature designed to mask the
network by making a remote resource look like a local resource. That idea doesn’t hold up in a network
of tens of thousands of devices, he says.

Application writers need to become more of a partner to the operating system people in structuring
what applications are going to be like in today’s networked environment, he says. They need to design
applications that take into account that a network connection might fail, topologies might change,
latency might occur, and bandwidth might be restricted.

— Ann Bednarz

PMC-SIERRA’s 2G and 4G STORAGE ICs

PBC  18x2G  -  18-port  Intelligent  1.0625/2.125  Gbit/s  FC  Arbitrated  Loop  PBC 
PBC  18x4G  -  18-port  Intelligent  2.125/4.25  Gbit/s  FC  Arbitrated  Loop  PBC 
PBC  4x2G  -  4-port  Intelligent  1.0625/2.125  Gbit/s  FC/GE  Retimer  and  Arbitrated  Loop  PBC 
PBC  4x4G  -  4-port  Intelligent  2.125/4.25  Gbit/s  FC  Retimer  and  Arbitrated  Loop  PBC 
QuadPHY  FC  -  Bi-directional  4-channel  1.0625/2.125  Gbit/s  FC  Transceiver 
QuadPHY  4GFC  -  Bi-directional  4-channel  2.125/4.25  Gbit/s  FC  Transceiver 


For  a  white  paper  on  Storage  Area 
Network  Architectures,  webinars  and 
more, visit www.pmc-sierra.com/storage

PMC-Sierra™ enables 2G and 4G Fibre Channel solutions.

No other storage products offer the intelligence and integration, in as cost-effective a solution

•  Sophisticated  system  diagnostic  capability  including  LPSM  Monitor,  LOS  Detect,  CRC  Error,  Line  Code  Violation 

•  Robust  signal  integrity  with  low  intrinsic  jitter  and  high  jitter  tolerance 

•  High  performance  scalable  1GHz  dual  processor 

•  High  density  18-port  and  4-port  architecture 

•  Simple  device  configuration  and  design  flexibility  decrease  time-to-market 

• Ideal for RAID, JBOD, MBOD, SBOD, Storage Gateway and FC Switch Director applications

Within the new data center, data moves from one
storage resource to the next based on information
life-cycle management policies.

■ BY DENI CONNOR


Chris Smith, senior manager of computer services for semiconductor
maker PMC-Sierra, knows he can save money by making
storage decisions based on the value and business criticality of
the information stored in his data center. Working with business managers to
determine importance, he stores the frequently accessed, most crucial data
on expensive primary storage while relegating less important, infrequently
accessed data to inexpensive secondary and tertiary storage. Like many, he
is slowly gaining an understanding of a new form of data management that
comes part and parcel with the move to the new data center.


Smith calls this new data management scheme
“tiered storage,” but it also is known as information
life-cycle management (ILM) or data life-cycle
management.

Whatever the name, this technique addresses
how a company manages data from the point
of its creation to its disposal. ILM consists of a
number of methodologies, such as problem
assessment, socialization — working with business
partners to determine data’s value — classification
and review, says Nancy Marrone-Hurley,
senior analyst for the Enterprise Storage
Group (ESG).

“ILM is a process that enables you to move data
down a path of storage resources, from a high-performance,
high-capacity filer [or disk array]
to a lower-end disk array, to a tape silo so it’s nearline,
and then finally to a permanent archival
media,” Smith says.

At PMC-Sierra, Smith reserves Tier 1 storage for
the production data used most frequently. This
type of data — information on semiconductor
products still in use — accounts for most of the
company’s storage. Ninety percent of PMC-Sierra’s
stored data belongs in Tier 1, he says.

In Tier 2, he uses inexpensive Advanced Technology
Attachment (ATA) drives to store data
that  isn’t  as  fresh  or  needed  as  often.  In  Tier  3,  he 
uses  tape  to  archive  data  that  is  accessed  even 
less  frequently. 

In  the  new  data  center 

For  ILM  to  work  within  the  new  data  center, 
companies  need  to  consolidate  their  storage. 
They  can  do  so  by  using  virtualization  or  via  an 
integrated  core-to-edge  director-class  switch  if 
they  have  storage-area  networks. 

Within the new data center, server capacity and
storage resources are virtualized, data moves
from one storage resource to the next based on
a company’s ILM policies, and storage and provisioning
tools reallocate storage dynamically.
Server and storage become inseparable (note
EMC’s acquisition of VMware for its server virtualization
software, and Veritas’ purchase of server
automation vendor Jareva and application performance
management company Precise
Software Solutions). As these technologies take
root, the result is far more flexible, efficient and
cost-effective storage environments.

The life cycle of data

Like hierarchical storage management
before it, information life-cycle management
uses a tiered approach. But
HSM moves data based on age alone
while ILM determines tier based on
business value.

Tier 1: The most expensive media, such as
EMC Symmetrix or Hitachi Lightning, stores
data generated by business-critical applications.
As the data ages or becomes less
valuable, it moves to Tier-3 storage.

Tier 2: Less-expensive secondary storage,
such as EMC Clariion or HP Storage Works,
holds information generated by front-office
applications such as Microsoft Word.

Tier 3: Represented by inexpensive Advanced
Technology Attachment drives and
EMC's Centera, Network Appliance’s NearStor
or StorageWorks' BladeStore, this tier
houses fixed-content data that doesn't
change or is accessed less frequently.

Tier 4: Tape libraries, such as StorageTek
Tape Library, archive aged data that is
reaching the end of its corporate usefulness.

Tier 5: An offsite tape archive might house
data with little value but needed for historical
reasons or to support litigation.

Jim Doedtman, technical planning manager
for OSF Healthcare, a nonprofit healthcare corporation
in Peoria, Ill., recently finished classifying
data as part of an ILM program begun last
year. Through this process, the firm found it
could move about 70% of its transactional data
from high-end EMC Symmetrix and Clariion
Fibre Channel arrays to EMC’s lower-cost
Centera arrays. Fixed content data — medical
images, patient registration forms, information
that never changes — will reside on the Centera
storage. “The other 30% is data we are keeping
online based on frequency of use and age,”
Doedtman says.

“We  have  EMC  Symmetrix  as  Tier  1,  Clariion 
Fibre  Channel  as  Tier  2,  Clariion  ATA  as  Tier  3  and 
we’ve  moved  to  EMC  Centera  for  Tier  4,”  he  says. 
While  tape  is  traditionally  the  last  tier, he  says  OSF 
Healthcare  has  created  disk-based  storage  tiers 
because  retrieving  data  from  disk  is  faster  and 
easier  compared  with  getting  data  from  tape. 

Only  the  beginning 

But today’s technology only can take ILM users
so far, ESG’s Marrone-Hurley says. Smith and
Doedtman, for example, must move data from
one tier to another manually. What they need is
the ability to set policies that trigger the automatic
movement of data based on its content,
creation date or last access.

Such  automation  is  the  aim  of  start-ups  such  as 
Arkivio, KVS, MessageOne and OuterBay Technologies,
as well as the reason EMC acquired
Documentum  in  October  2003.  EMC  plans  to 
improve  the  intelligence  of  its  tiered  storage 
capabilities  through  the  integration  of  content 
management  software  it  gains  from  that  vendor. 

Multivendor  interoperability  and  integration  of 
disparate  storage  management  applications  also 
come  up  short  today 

“Users with multiple storage management
applications have to figure out how to integrate
applications that support ILM,” says John
Webster, senior analyst for the Data Mobility
Group. “I’m not sure the vendor community has
stepped up to that yet. The proposition that
seems to be out there is ‘buy everything from us
and we’ll integrate it.’ The user isn’t going to
stand for that.”

Marrone-Hurley cautions that enterprise storage
managers shouldn’t expect the ability to
invoke integrated end-to-end, policy-based ILM
for a few years. “There are a number of products
that can do certain aspects of ILM, but interoperability
and levels of integration among software
and hardware are not here,” she says.

Analysts and vendors say the Storage Networking
Industry Association’s Storage Management
Interface Specification will promote interoperability
and integration of ILM applications.
Users await that work.

“Most of the ILM software is fairly new. For our
environment, we don’t have a good fit yet,” Smith
says. “I am quite interested to see how things go
in the next 12 months and who percolates to the
top in providing a solution that really works.” ■
CIO Frank Hood has realized
what a treat virtualized,
pooled storage can be for

TONY PEARCE


By employing new data-center tec[...] address a storage binge, Krispy Kre[...] new back[...]

Krispy Kreme. The words have become a
nationwide Pavlovian bell that stimulates
cravings for fresh, sticky doughnuts.
Although founded in 1937, the company waited
until 2000 to go public, after which its confections
obtained near cult status and its growth
exploded. From 140 stores in 27 states at its IPO, the
donut maker now boasts 343 stores in 42 states and
four countries, plus other venues such as grocery stores. All this while sales
at individual stores have achieved years of double-digit growth.


Such  success  left  Krispy  Kreme  CIO  Frank  Hood 
with  a  problem:  out-of-control  storage  growth. 

Between company-owned and franchise stores,
Krispy Kreme’s 30-person IT department supports
about 1,000 users, many through its extranet for
franchisees — Mykrispykreme.com — which
gives access to real-time applications such as
sales reports and training videos. Some data generated
by these 1,000 folks follows easily predictable
growth patterns and some doesn’t.

For instance, Hood could accurately predict the
storage needs for the three data warehouses used
to track sales. He simply used data warehouse
tools to estimate how many transactions each
store was likely to have (the data warehouses
store every sales transaction from about the past
eight years). But storage for other applications was
leaping wildly and unpredictably.

Hood had thrown hardware at the problem, but
in fewer than four months, a new 1G-byte disk
array had been filled. Clearly he needed a far better
method than server-attached storage to predict
and manage the hodgepodge storage arrays
Krispy Kreme had begun to accumulate. He
needed new data-center storage technologies
without spending a fortune.

After examining his options, Hood selected network-attached
storage (NAS). He says NAS was a
proven technology with advanced management
functions, such as self-healing and speedy backup/restore
options. Plus, NAS gave him a fast route
to virtualized, pooled storage while using his
already-paid-for disk arrays.

Specifically, Krispy Kreme deployed Network
Appliance’s NetApp F825 appliance, which gives
the company 2.4T bytes of storage capacity. NetApp
SnapShot and SnapRestore software provide
data recovery, and Virtual Local Disk software performs
virtualization tasks. Rather than Fibre
Channel, the company uses the less expensive
and easily deployable iSCSI Ethernet-based storage
protocol to link e-mail servers and the main
SQL datastores to the F825, Hood says. Ethernet
connections, from a Nortel Passport 8300 Layer 3
core switch, operate at 1G and 10/100M bit/sec.
Users reside on one virtual LAN, taking one of
four 1G-bit/sec connections for directory access.

“We took the opportunity to take all this disparate
storage that was decentralized — a little
bit of storage here and a little bit of storage there
— and we took the low-hanging fruit first. We
consolidated user directories and major datastores
that were in common areas to the [NAS],
then we looked at higher-user systems — like
e-mail,” he says.

Servers that access the NAS include Microsoft
SQL Server, IBM Lotus Domino Web servers and
those for other, specialized applications. These
servers, a mix from HP and IBM, aren’t self-healing,
but are self-managing. “What we’ve got is a
box that says, ‘I’m sick, come and fix me’ before
our data center folks would know it’s broken,” he
says. Hood organized the application servers
onto a VLAN and created a 3G-bit/sec pipe to
them using the remaining Gigabit links.

Company-owned stores tie into the network over
private lines operating at 64K- to 128K-bit/sec.
(Franchisees are asked to supply their own Internet
access, high speed if possible, to gain access to
Mykrispykreme.com. For those that must dial up,
Krispy Kreme maintains a Citrix server.)

Improved backup was an immediate benefit of
the new storage design. With NetApp’s SnapShot
software, Krispy Kreme conducts incremental
backups of its most precious 1T byte of sales
data 12 times daily. Should a crash occur, “I can
get you back up with your data from two hours
before the event, and a re-install takes seconds,”
Hood says.

Centralized storage over an Ethernet core also
led Krispy Kreme to link corporate, manufacturing
and distributing facilities near its Winston-Salem,
N.C., headquarters over an outsourced
metropolitan-area network (MAN) operating at
100M bit/sec. With the MAN and NAS in place,
Hood is contemplating plans to ditch Krispy
Kreme’s expensive outsourced disaster-recovery
provider in favor of placing synchronized, mirrored
NAS systems at the facilities it owns.

“Instead of going to Chicago for recovery, we
can go to Greensborough, just 30 minutes down
the road,” he says.

The only reservation Hood had about his new
data center storage was moving to a single point
of failure. But that has proven to be a non-issue,
he says. Plus, better storage management, including
automatic failover of a troubled disk, has
freed his staff from many mundane tasks. “You
have to force yourself to notice [the NAS] because
it is monitoring itself.” ■


In the new data center, technologies that protect
and control will work more closely together

■ BY DENISE DUBIE

Network management software and security
devices lead separate lives today, but in the
new data center, the two disciplines will
come together to form a not-so-odd couple. Together they
will speed problem diagnosis, detect potential threats,
automate change management and enforce security and
compliance policies.


Such is the vision of Scott Raymond, network manager at OMD, a New
York media buying agency that is constructing a new data center architecture.
Raymond recently pooled network connectivity across 10 locations
into a centralized data center in New York. The move enables him to
track more than 95% of the company’s traffic from one location. Yet
Raymond says automated change management software would put his
mind more at ease.

“We saw the need to put our resources in a resilient data center, but one
of the issues many companies have is tracking changes that have been
made to network equipment,” Raymond says. An automated tool that would
log changes and check those against how things are supposed to be configured
would prevent him from leaving his data center vulnerable to attack
while tracking down the source of a problem. “It makes sense to bring
[management and security] together. To be able to say that an outage in
Atlanta correlates to this security
breach on this router would decrease
troubleshooting time,” Raymond says.

Ultimately, as new data center technology
evolves, Raymond should realize
this vision. He should be able to deploy
the automation and predefined rules of
management software in combination
with security event and compliance
data to ensure servers, switches,
routers and other network devices
are properly patched and configured.
Technologies such as event
correlation, policy-based management,
and configuration and
change management will comprise
equal parts security and
management. This will let IT managers
support a data center that lets
outsiders in — without putting the
business at risk.


Data  center  ideal 

Security  and  management  technologies  will  become 
one  to  enable  secure  access  and  control  across  a 
flexible  and  adaptive  infrastructure. 


Change  management 
software  will  track 
router  and  switch 
configurations  to  ensure 
that  ports  remain  safe 
from  intruders  and  the 
device  performs  as 
expected. 
“The last thing you want to do when
securing your data center is shut out
revenue-generating partners or customers,”
says Rich Baich, CIO at ChoicePoint,
an Atlanta provider of identification
and credential verification services
for the insurance industry. “Right now,
isolated security events occur. What has
to happen is the centralization of that
security information on a management console that makes intelligent decisions
and takes action.”

Enterprise network executives
will rely on one management
console to monitor network and
security events.

Self-provisioning, self-protecting and self-managing capabilities begin
with data sharing, says Glenn O’Donnell, a research director at Meta Group.
“The processes for handling security events and more generalized event
management should and can be similar if not identical,” he says.

Today, software from BMC Software, Computer Associates, IBM and HP
monitors network events. Niche players such as ArcSight, e-Security, netForensics
and Network Intelligence deliver products to help filter and make
more sense of security events generated from firewalls, intrusion-detection
systems (IDS) and other security devices. In the new data center, one management
system will collect network and security events, and correlate the
events for quick identification of the source of network performance problems
or security breaches.

“Event  correlation  is  the  key  to  bringing  management  and  security 
together,”  Baich  says. 

Network executives should be able to write policies, which when enforced
by the management software, would be able to detect when a security
event is threatening network performance. For example, a Web server
getting relentlessly pinged by an unauthorized external address would
begin missing pre-set performance thresholds and start overloading management
software with error messages. With integrated IDS data, the management
software would immediately recognize the source of the network
degradation as related to an attack on that server.
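The correlation described above, sketched as an added example that is not code from the article or from any product it names: performance-threshold breaches reported by management software are matched against IDS alerts for the same server in the preceding minutes. The log format, field names, five-minute window, three-alert minimum and allow-list of authorized sources are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events (not from the article). Addresses come from the
# RFC 5737 documentation ranges; the line format is an assumption.
SAMPLE_LOG = """\
2004-02-16T10:00:05 IDS src=198.51.100.5 dst=192.0.2.10 sig=icmp-echo
2004-02-16T10:01:10 IDS src=203.0.113.77 dst=192.0.2.10 sig=icmp-echo
2004-02-16T10:01:40 IDS src=203.0.113.77 dst=192.0.2.10 sig=icmp-echo
2004-02-16T10:02:15 IDS src=203.0.113.77 dst=192.0.2.10 sig=icmp-echo
2004-02-16T10:02:50 IDS src=203.0.113.77 dst=192.0.2.10 sig=icmp-echo
2004-02-16T10:03:00 PERF host=192.0.2.10 metric=http_latency_ms value=2400 threshold=800
2004-02-16T10:03:30 PERF host=192.0.2.20 metric=http_latency_ms value=1100 threshold=800
2004-02-16T10:04:00 PERF host=192.0.2.10 metric=http_latency_ms value=600 threshold=800
2004-02-16T10:30:00 PERF host=192.0.2.10 metric=http_latency_ms value=950 threshold=800
"""

# Hypothetical allow-list: sources permitted to probe the servers, such as
# the management station itself. Their alerts are never blamed for a breach.
AUTHORIZED_SOURCES = {"198.51.100.5"}

REQUIRED = {
    "IDS": {"src", "dst", "sig"},
    "PERF": {"host", "metric", "value", "threshold"},
}


def parse_events(text):
    """Parse 'TIMESTAMP KIND key=value ...' lines; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] not in REQUIRED:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
            fields = dict(p.split("=", 1) for p in parts[2:])
            if not REQUIRED[parts[1]].issubset(fields):
                continue
            if parts[1] == "PERF":
                fields["value"] = float(fields["value"])
                fields["threshold"] = float(fields["threshold"])
        except ValueError:
            continue
        events.append({"time": when, "kind": parts[1], **fields})
    return events


def correlate(events, window=timedelta(minutes=5), min_alerts=3,
              authorized=AUTHORIZED_SOURCES):
    """Return one finding per threshold breach.

    A breach is attributed to a security cause when at least `min_alerts`
    IDS alerts from one unauthorized source hit the same host inside the
    window that ends at the breach. Otherwise it is reported as unexplained,
    so it is still investigated as an ordinary performance problem.
    """
    ids_alerts = [e for e in events if e["kind"] == "IDS"]
    findings = []
    for perf in (e for e in events if e["kind"] == "PERF"):
        if perf["value"] <= perf["threshold"]:
            continue  # within the baseline, nothing to explain
        start = perf["time"] - window
        hits = Counter(
            a["src"] for a in ids_alerts
            if a["dst"] == perf["host"]
            and start <= a["time"] <= perf["time"]
            and a["src"] not in authorized
        )
        suspects = sorted(src for src, n in hits.items() if n >= min_alerts)
        findings.append({
            "time": perf["time"],
            "host": perf["host"],
            "metric": perf["metric"],
            "cause": "security" if suspects else "unexplained",
            "sources": suspects,
        })
    return findings


if __name__ == "__main__":
    for f in correlate(parse_events(SAMPLE_LOG)):
        print(f["time"].isoformat(), f["host"], f["metric"],
              f["cause"], ",".join(f["sources"]) or "-")
```

Breaches with no matching alerts are kept in the output on purpose: dropping them would hide ordinary performance faults behind the security view.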

The availability of advanced provisioning software also becomes crucial.
These tools would not just enable the rollout of new servers, applications
and patches as they do today, but also
would store secure and accurate configuration
data for switches, routers
and servers. Enterprise IT managers
would first input configuration data, including
software versions, patches
applied and licensing agreements.
When a server is provisioned automatically,
they could rest easily,
assured that the server is up to date
on patches and configured
to support applications
in line with pre-set
performance baselines,
for example.

Intrusion-prevention
systems can use configuration
data to scan the
data center, identify
attacks and block nefarious
traffic.

And regular vulnerability and compliance
scans can prompt management
software to apply patches where
needed. “Knowing how things should
be configured and tracking all
changes made will enable more
automation,” O’Donnell says. “And it
will protect servers from internal and
external attacks.” ■
Configuration management
software will
store data regarding
the proper server
configuration, patches
applied and license
agreements to keep
servers up and running
at peak performance
and in compliance.


Security devices will
send alerts to a
management console
to enable event
correlation with
network alerts and
speed time to
problem resolution.
A California law
firm puts some of
the hottest new
technologies into
practice.


■ BY JULIE BORT

Last June, John Weeks stood in the data center at the Riverside,
Calif., headquarters of law firm Best Best & Krieger
envisioning a forklift. As the newly hired IT director
for this six-office, 310-employee firm, he had to solve some pressing
problems inhibiting aggressive growth plans.

The 100-year-old law firm, one of California’s
largest, had evolved without a formal IT agenda
despite relying on mission-critical applications
for functions such as document management
and billing. Weighing the firm down were an aged
Novell NetWare 4 network, a patchwork of desktop
operating systems, ancient e-mail and word
processing platforms, plus inadequate security,
bandwidth and systems management.

Weeks set about transforming the rickety IT infrastructure
into a model of the new data center
— a feat he wanted done in six months.

Experience with the old, constantly failing IT
systems made BB&K partners and other employees
wary of trusting a fully centralized data center,
Weeks says, so he wanted a design that would
allow offices to function separately. Plus some of
the firm’s critical custom billing applications
wouldn’t “play well with other applications” when
sharing hardware, he describes. A traditional design
would have placed these on their own
servers and included separate mini data centers
at each site — an expensive approach that would
waste a lot of hardware capacity. Virtualization, a
tenet of the new data center, provided the answer.

Integrator Agile360 pitched a data center design
that featured virtualization software from VMware
(recently acquired by EMC). With virtualization,
even those anti-social applications could be
made to share servers. The virtualization product
“isolates each instance of an application, so the
application doesn’t necessarily need its own
hardware,” Weeks says.

Moreover, virtualization gave Weeks the cost-efficient
redundancy he needed, as “virtualized”
primary servers can be backups, too. By encapsulating
a specific virtual machine (an application
and its operating system needs), any application
can be nearly instantly ported to any
available server.

Weeks bought more RAM for two HP ProLiant
DL380 servers he had recently installed at the
main Riverside data center (for 8G bytes of RAM)
and loaded VMware’s ESX Server software on
them. He similarly upgraded
and outfitted five ProLiant
ML370s installed at the remote
offices. This gave the data center
many machines that could
virtually operate as one — or
as redundant servers. Weeks
consolidated 54 outdated
servers into 16 new servers
running the VMware software.

With the addition of Microsoft
Clustering Services, which
Weeks is implementing now,
the data center servers also
can fail over to one another
while offering guaranteed
performance even for demanding
e-mail and database applications. They also
scale easily.

Because clustering requires a storage-area network,
Weeks built a hefty 100G byte Compaq
10000 Fibre Channel SAN in the Riverside data
center. “My design goals were to not have to buy
hardware for three years,” Weeks says. Compaq Insight
Management server management software
gave the data center self-management functions
such as auto discovery.

Weeks replaced older Gateway desktops running
Windows 98, WordPerfect and GroupWise
with Dell 270s running Windows XP and Office
XP, upgrading to Exchange in the back office as
well. Plus, he outfitted all desktops with Altiris
client management software. Gone were the days
when IT had to be told when a systems-level failure
occurred.

In the WAN, he replaced a managed frame-relay
network with frame-relay service from SBC. While
the Riverside office connects to the frame-relay
WAN via a 3M-bit/sec ATM link, all remote
offices access the company’s WAN via frame-relay
links. Direct Internet access is available from
Riverside.

In addition, Weeks is replacing 128K-bit/sec
ISDN links that had been used for backup with
higher-speed connections such as metro Ethernet
and DSL. Should a frame-relay link fail, users
would then be able to tunnel into the corporate
network via a VPN. Plus, at each office Weeks will
load balance between the frame relay and high-speed
Internet connections and routers will
direct traffic over the lowest cost path, he says.

For LAN traffic, Weeks replaced stacked hubs
with a Cisco Catalyst 4500 switch at each remote
site. For the multi-floor Riverside office, which has
several wiring closets, Weeks replaced hubs with
Cisco 4506 or 3550 switches. Servers sit on 1G-bit/sec
Ethernet segments while clients use
10/100M-bit/sec links.

As if this wasn’t enough, Weeks also overhauled
the document management system. He converted
PC Docs from Windows 98 to XP and then outfitted
remote offices with Citrix servers to give them
better, fully remote access to the document management
system. “The vision I’m selling is that information
needs to be available anywhere,” he
says, adding that legal documents represent valuable
intellectual property. His goal is to store and
manage the firm’s gold mine of resources more
intelligently, and to make it more accessible.

With a new intelligent data center online, he is
doing just that. ■
GFP optimizes storage over SONET


HOW IT WORKS

Generic Framing Procedure

GFP is an encapsulation method that helps extend
SANs over the wide area. Using GFP, a SONET network
can carry Fibre Channel traffic with no required
enhancements.

1. Disk arrays and servers capture a snapshot of storage volume in the New York data center.

2. A SONET add/drop multiplexer (ADM) using GFP maps the Fibre Channel traffic. Bandwidth is
efficiently allocated in multiples of 50M bit/sec increments using VCAT technology.

3. Once the Fibre Channel traffic is mapped onto SONET using GFP, it flows across the global SONET
network with no required enhancements. Only the bandwidth allocated using VCAT is utilized across
the network.

4. The GFP-enabled SONET ADM in Chicago receives traffic from the SONET WAN and removes the
SONET mapping from the data.

5. The local Fibre Channel SAN delivers the Fibre Channel packets to the destination storage array,
including disk arrays and servers.


■  BY  JACK  HUNT 

Companies are increasingly focused on
developing disaster-recovery and business-continuity
plans to minimize the
effect of large-scale service disruptions.
And some sectors such as healthcare and
financial services must meet regulatory
requirements pertaining to data security
and availability. To meet the need for rapid
recovery and restoration, organizations
are looking to extend the reach of their
storage-area networks.

Generic Framing Procedure (GFP) is an
encapsulation method that is helping
answer the call for SAN extension by letting
Fibre Channel SAN traffic be carried
directly onto the SONET network in an
efficient and cost-effective manner. This
technology provides a standards-based
way to carry Fibre Channel and Fibre
Connection (FICON) storage traffic seamlessly
over SONET circuits without any
changes to the SONET infrastructure.

SONET is the underlying transport protocol
that carries all enterprise voice,
video, data and storage traffic across metropolitan-area
networks and WANs.
SONET is particularly well-suited to carry
enterprise mission-critical storage traffic
because it is connection-oriented, and
latency is deterministic and consistent. It
is also secure and resilient, possessing
both in-band and out-of-band management
and sub-50-millisec failover.

Previously, corporations had to convert
storage traffic to intermediary protocols
such as ATM, frame relay or IP to access
the SONET network. This added more
overhead and security, resiliency, latency
and performance problems.

GFP can be deployed as an interface on
an optical switch and lets companies
more efficiently utilize their SONET circuits.
They can use GFP at the edge of
leased SONET circuits (such as OC-3, OC-12,
OC-48) and then can allocate portions
of that circuit using virtual concatenation
(VCAT) for storage, voice, data, video and
the like. VCAT is a transport technology
defined by the ITU-T (G.707/G.783) to
extend the utility of the SONET transport
layer by letting bandwidth be allocated in
multiples of 50M bit/sec Synchronous
Transport Signal increments using only
the bandwidth an application requires.

The cost-effectiveness of GFP is greatly
improved with VCAT. Companies benefit
because they can send data at the optimal
bandwidth, and service providers benefit
because they can maximize the efficiency
of their overall network.

Corporations also do not necessarily
need private SONET rings to benefit from
GFP. If they do have private SONET rings
(that is, they have fully dedicated OC-192
SONET bandwidth vs. part of the SONET
bandwidth) they also can use GFP to get
better utilization and efficiency of their
SONET infrastructure.

The emergence of GFP enables a very
efficient mapping of storage protocols
directly onto the widely available SONET
infrastructure. This process is facilitated
with a SONET add/drop multiplexer,
which transforms Fibre Channel and
FICON traffic directly into SONET payloads,
which can then be transported over
a SONET WAN.

For example, connecting two SANs with
200M bit/sec of Fibre Channel traffic previously
would have required a dedicated
OC-12 of bandwidth, effectively utilizing
only 35% of the bandwidth. With storage
over SONET using GFP with VCAT, companies
utilize and pay for only 200M bit/sec
of bandwidth. The net result is 65% lower
bandwidth and lower cost by implementing
storage over SONET.

Corporations typically will find storage
over SONET using GFP and VCAT to be a
cost-effective way to extend their SANs to
enable enhanced disaster recovery and
business continuity.

Utilizing GFP, companies can deploy their
own private storage over SONET solutions
by purchasing storage over SONET equipment
and leasing SONET circuits from a
service provider. Conversely, they can
obtain a storage private-line service offering
from one of the many service providers
that are starting to roll them out.

Hunt  is  director  of  marketing  for  storage 
and  photonics  at  Nortel.  He  can  be 
reached  at  jackhunt@nortelnetworks.com. 


Dr.  Internet 


By  Steve  Blass 


Our  Web  forms  need  to  be  updated.  We  thought 
about  using  Flash,  but  don't  have  the  correct 
version  for  forms.  Are  there  any  alternatives  for 
working  with  forms  and  forms  data  in  Flash? 

Mozquito Deng is an implementation of the
World Wide Web Consortium (www.w3c.org)
XForms specification built as a Flash component
(available at www.nwfusion.com, DocFinder:
9734). XForms (DocFinder: 9735) is
described as a specification for Web forms supporting
a variety of platforms. Deng is an
XForms-capable browser built as a Flash movie
that can be used with any Flash-enabled
browser. An HTML page loads the Deng Flash
component, which then loads an XHTML page
containing XForms. Examples of how to use
Deng and XForms are available at www.xformsinstitute.com.
Some differences between
XForms and HTML forms are that your forms
documents must be valid XHTML, and data is
submitted to your server in XML format rather
than the name/value pairs format common to
HTML form submissions. More about the growing
number of XForms implementations can be
found at DocFinder: 9736.

Blass is a network architect at Change@Work in
Houston. He can be reached at dr.internet@changeatwork.com.
Cascading Style Sheets, oh my!


GEARHEAD
INSIDE THE NETWORK MACHINE

Mark Gibbs

A friend recently asked us how Cascading
Style Sheets really function
(we have strange friends). He
added, “I mean, I know what they are for,
but how do they work?” We suspect that
many people might have the same question,
so this week we are going to start
exploring CSSs.

We will start with the basics: CSSs are a
way to separate content from style. That is,
they allow the formatting of HTML documents
according to rules that can be
applied to all or specific parts of the content.
And they are referred to as “cascading”
because the styles are applied in
sequence.

The  browser’s  default  styles  are 
assigned  the  lowest  priority  while  any 
styles  defined  in  an  external  style  sheet 
are  assigned  the  next-higher  priority 
level.  The  next  level  up  are  the  styles 
defined  in  a  style  sheet  inside  the  docu¬ 
ment,  and  the  highest  priority  are  the 
styles  defined  in-line,  that  is,  inside  indi¬ 


vidual  HTML  elements. 

This  means,  for  example,  that  a  style  for 
an  element  (a  specific  HTML  item  such 
as  bold  tag)  that  is  defined  only  in  the 
browser  will  “flow”  through  to  the  final  pre¬ 
sentation  unless  that  tag  is  redefined  in  an 
external  style  sheet  or  in  another,  higher- 
priority  style  sheet. 

CSS development is under the auspices of the World Wide Web
Consortium (W3C), and there are four versions (for details go to
www.nwfusion.com, DocFinder: 9729). CSS Level 1, released in 1996,
defined the core CSS features. CSS-Positioning (CSS-P, which W3C no
longer has documentation for) was an interim standard that added
absolute screen positioning to CSS1.

CSS Level 2 (CSS2), released in 1998, took CSS1 and CSS-P and added
support for international character sets and media-specific style
sheets to address presentation by visual browsers, audio rendering,
printers, Braille readers and other handheld devices, as well as
content positioning, downloadable fonts, table layout, automatic
counters and numbering, and some user interface properties.

CSS 2.1 corrects a few errors in CSS2, and CSS Level 3 is still in
the works.

So what do we mean by “style”? Styles are properties of HTML elements
and can be divided into the following types: text style, text layout,
background, border, margin, padding, page layout, element type and
user interface. You can find a complete list of properties at
DocFinder: 9730.

Browser  compatibility 

Now you might be thinking, “Gee, Gearhead, with so many levels and
properties and such a potentially complicated idea, how
CSS-compatible are the various browsers?” Glad you asked. The answers
can be found at the extremely useful Web site QuirksMode.org, which
belongs to a freelance Web developer in Amsterdam named Peter-Paul
Koch (go to DocFinder: 9731 for more information).

The  bottom  line  is  that  no  browser 
seems  to  really  get  everything  right,  but 
there  is  enough  commonality  between 
browsers  for  CSS  to  be  effective.  Check 
out  some  of  the  minutiae  Koch  gets  into 
about  CSS  bugs  and  incompatibilities  — 
really  cool  if  you  like  that  kind  of  stuff. 

Now how does CSS work? Simple ... sort of. CSSs are sets of rules
that tell HTML tags how to display their contents. There are three
rule types: HTML selectors, classes and IDs.

HTML selectors are the text part of HTML tags; for example, the “h1”
in “<h1>” is the selector. A CSS rule to define the h1 selector could
be:

h1 {font: bold 24pt courier;}

A class, denoted by a period followed by a string, can be applied to
multiple HTML tags. Here’s a definition for a class named warning:

.warning {font: italic 8pt Arial;}

Thus, the following paragraphs inherit the style of the class
“warning” while those that aren’t styled or have a different class
don’t:

<p class="warning">Watch out!</p>
<p>No, really ...</p>
<p class="warning">I’m not kidding!</p>
<p class="itsover">Too late.</p>

Finally, an ID, denoted by a “#” followed by a string, is much like a
class but intended to apply a style to a single tag, thus:

#warning {font: italic 8pt Arial;}

In use, this looks much like the class example but you normally would
only find one instance of an element using the style:

<p id="warning">Watch out!</p>

Next week, we’ll bring it on home, baby. Groove to
gearhead@gibbs.com.


Previewing  the  cool  stuff  at  Demo 


Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


This  week’s  Demo  conference  (brought  to 
you  by  Network  World’s  Seminars  &  Events 
group)  will  feature  brand-new  technology 
offerings  from  67  companies.  Among  them  are 
some  pretty  cool  tools  —  and  we  got  a  sneak 
peek  at  some  of  the  products  being  launched 
this  week  in  Arizona. 

DataPod  is  an  Israeli  company  that  will  show 
off  software  that  lets  your  data  “follow  you 
around.”  The  software  aims  to  solve  the  problem 
of  users  who  have  their  data  scattered  on 
several  PCs  and  the  problem  of  multiple  people 
trying  to  access  the  same  file. 

Users install client-side software (called DataPod) on any PC to
which they want to have access. Data stored in the user-defined
folder is automatically synchronized with the other PC where DataPod
is installed. A local copy of the data is stored on both PCs. When
changes are made to the file at one location, they are sent to the
other system. On the sharing side, co-workers can access one copy of
the same file without having to send the file back and forth through
e-mail, because both workers will have the file locally, and changes
will be updated automatically.

The updates are sent over Secure Sockets Layer, and no third-party
servers are needed to store data (as in some collaboration-style
software). It’s also a bit different from some remote access
offerings (such as GoToMyPC), as only the data is being accessed, not
the actual computer.

The company plans to launch the product next month, with trial
versions of the software available. DataPod plans to offer monthly
and yearly subscription plans, and a direct-purchase (lifetime
subscription) offering. Go to www.data-pod.com for more details.

SightSpeed, which makes an awesome desktop videoconferencing
application, will debut its SightSpeed Video Messenger Multipoint
service, which lets up to four people have a videoconference from
PCs. The same technology that makes SightSpeed’s peer-to-peer-based
Video Messenger attain such low latency will be applied to the
Multipoint offering, with the only difference being that a separate
server (hosted by SightSpeed and placed around the world in different
locations) will aggregate all the video and audio streams. Much like
an audio-conferencing bridge lets people from different locations
talk on the phone, the SightSpeed service does this with video.
People who don’t have a Web camera can use the service by viewing
other participants through a Web client.

SightSpeed plans to release the service this year, and the extra
feature for SightSpeed members will cost about 40 cents per minute
(final pricing not yet announced).

Molino Networks will show its Molino Media Mogul, an entertainment
console that includes a very large hard drive (300G-byte and 1T-byte
models are planned). When users insert a DVD or a music CD into the
console, they are given the option to save the contents directly to
the device, storing it there. Because content is stored on the hard
drive without being compressed, the quality remains the same as if it
were being played on a normal player. If a user doesn’t want to store
content on the drive, the device includes a normal DVD/CD player.

When connected to a network via Ethernet port, users can transfer
their multimedia content to the Molino box. Content stored on the
Molino device (except for DVD movies) can be transferred across the
network to a PC. The Media Mogul is scheduled to launch this summer
— the 300G-byte version will start at $995; the 1T-byte model will
cost about $3,000.

Shaw  can  be  reached  at  kshaw@nww.com. 


The  SightSpeed  Video  Messenger  Multipoint  service  is  designed  to  let  users  in 
different  locations  have  a  videoconference  from  their  desktops. 


EDITORIAL

John Dix

Calling vendors to a Virtual Showdown

Network World has hosted presidential-style technology debates — what
we call Showdowns — at all the major trade shows, from
NetWorld+Interop to ComNet, Supercomm, Comdex and the new U.S.
version of the CeBit show.

And while successful, they only benefit people who attend the events.
Readers too far away to make the trek miss the opportunity to see how
competing vendors on Showdown panels respond to our probing, attack
the weaknesses of their rivals and respond to questions from the
audience.

So we’re pleased to announce we are complementing our in-person
debates with Network World Virtual Showdowns. The format will be
similar, but it will all happen online so you can track the show from
your desktop and reference it after the fact.

To kick it all off we’ll tackle the hot wireless switch market. We
hereby challenge Airespace, Aruba, Cisco, Extreme, Symbol and Trapeze
to participate in a weeklong Virtual Showdown commencing March 29
(vendors need to confirm their participation by March 15).

Like the live debates, the virtual kind will be segmented into three
parts, starting with the vendors answering questions from Network
World Senior Editor John Cox and Craig Mathias, principal of the
Farpoint Group. To minimize lag time, Cox and Mathias will formulate
and pose their questions the week before the event. Then on the 29th
we’ll kick off the first part by posting detailed answers to those
questions and posting more queries and answers throughout the day.

It will get even more interesting on Tuesday the 30th when we move to
the second segment, opening up the forum to let the vendors question
each other. This is typically the liveliest part of any showdown
because the vendors know their competitors cold and can hone in on
technical details that matter. In the live events we minimize
responses to 2 minutes to keep the discussion cooking, but online
we’ll let things run their course.

And finally on Thursday, April 1 — and continuing through Friday —
we’ll throw open the doors to let readers post questions.

It should add up to a lively, meaningful discussion that will help
you identify the strengths and weaknesses of some of the major
products in this new LAN category. Log on to follow the debate and to
help us keep the suppliers honest. If you want to submit questions
for the preliminary round, e-mail us before March 15.

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


AT&T  responds 

Thomas Nolle’s column “AT&T hints at complex Concept”
(www.nwfusion.com, DocFinder: 9727) credits AT&T with a clear vision
of the future. However, Nolle suggests that under AT&T’s Concept of
One, IP is just another network to be supported. Using Nolle’s own
words — baloney.

The Concept of One is a powerful blueprint for reducing costs,
creating efficiency and giving customers more control over their
services by consolidating multiple organizations, networks, systems,
platforms and processes into one. It already is delivering tangible
benefits for AT&T and its customers.

AT&T is moving to a single, global IP Multi-protocol Label
Switching-based network because it simply is the only way any
provider can deliver next-generation services at scale with the
reliability to support mission-critical applications. This enables
the migration of services such as ATM and frame relay onto the IP
backbone as customers demand greater consolidation within their
network environments. As the industry’s voice leader, we also have
aggressive plans for the evolution of voice services to IP in 2004,
including residential VoIP and broadband offers.

AT&T’s strategic vision extends far beyond VoIP as we target services
over IP. AT&T’s IP network will deliver a much richer communications
experience with multimedia features, providing greater value for each
dollar of communications investment. Contrary to Nolle’s “baloney”
charge, a close look at AT&T shows that it is delivering both the
sizzle and the steak.

Hossein Eslambolchi
President, AT&T Global Networking Technology Services
CTO and CIO, AT&T
Bedminster, N.J.

E-mail letters to jdix@nww.com or send them to John Dix, editor in
chief, Network World, 118 Turnpike Road, Southborough, MA 01772.
Please include phone number and address for verification.


Nolle responds: I never suggested Concept of One was a bad idea. What
I said was that it was an idea that had to be phased into, bridged to
via success in the IP services area, and that during that period it
would be “Concept of One More” (a term some within AT&T use). The
fact that AT&T is moving to a “single, global MPLS-based network”
because it’s the only way to provide “next-generation services at
scale” is proof of my point. You have to justify future network
infrastructure based on new revenue and not based on simply
collapsing existing services onto a different hardware architecture.
I don’t think Concept of One is baloney; the idea that migration is
the driver behind Concept of One is baloney.

Unhappy  with  Adobe 

Regarding Mark Gibbs’ Backspin column “No can spam” (DocFinder:
9728): I was surprised to learn about Adobe Photoshop and Paint Shop
Pro’s inclusion of the “helpful” third-party software to deter
counterfeiting. I’m going to write Adobe to complain, not that it’ll
do much good. So what is next? Do we have to try to create open
source imaging programs to get away from government and
pseudo-government interference?

David  Florea 
System  administrator 
Private  Consulting  Group 
Portland,  Ore. 

I’m glad I read Mark Gibbs’ column about Photoshop CS and scanning
currency. As an avid fan of Adobe products for many years, I feel
like the company has let me down.

I had intended to upgrade from Photoshop 7, but after reading Gibbs’
column, I decided I didn’t need to after all. The way Adobe is
acting, it should not be rewarded with my business.

Spyros  Kosmetatos 
Atlanta 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  9724 
BOTTOM LINE

Joel Snyder

Time to wise up about worms

I’m tired of having an in-box filled with worms. In the last 26 days,
infected PCs have sent me 3,787 copies of MyDoom. I know I’m supposed
to be an understanding, gentle kind of advice giver, but frankly I’m
sick of it. I’m sick of having my time wasted, and I’m sick of having
to help people clean up messes because they can’t control their own
mice.

Why can’t people take responsibility for protecting their own PCs?
People never say, “I did something utterly moronic today and infected
my own PC and 600 others.” No, it’s “I got a virus.” As if it’s not
their fault. As if they caught a cold because they just happened to
be in the room when someone who was sick walked by.

Well, it is their fault. You don’t get MyDoom if you don’t click on
it. It’s not even that clever of a hack, the kind where just staring
at it funny infects your PC. It’s not novel, either. When the
ILoveYou worm came out, that was new. People got duped because they
had never seen anything like it. But that was four years ago.

If you got MyDoom last month, you’ve got a problem, and it’s not a
software problem. It’s a human problem. Here are some ideas for
solving it:

Stop relying on virus scanners. When a worm like this breaks out, it
can take hours for virus signatures to be updated and days for all
the PCs in the world to know about it. A virus scanner is a great
thing to have, but you can’t blindly stumble through life clicking on
anything you see just because you gave Symantec $20. If you have a
heuristic virus scanner — they do exist — that can help, but it’s
still not a sure thing; it just increases the odds of success. You
have to realize that even with protection, you’re not totally
protected.

Start relying on education. You, and all the users you support,
should know better than to click on attachments, no matter who
they’re from, which launch programs or unzip themselves and
self-execute. This is as basic as knowing your own email address.
When you put a company PC in someone’s hands, they should be
potty-trained to not mess all over your network. If you think
training is expensive, consider the cost of not training.

Stop buying the monoculture. If everyone uses the same mail client
and operating system, it’s that much easier for malware to take down
your network. I don’t have any illusions that everyone in the world
is suddenly going to stop using Windows, Office and Outlook, but I
can tell you this: The only thing Macintosh users got from MyDoom was
annoyed. There are Windows e-mail clients, such as Netscape and
Eudora, that are less susceptible to the kind of prank that spreads
MyDoom.

Start configuring for protection. Modern mail gateways, operating
systems and personal firewalls let you block many of the features
exploited by worms, such as the ability to download and run your own
applications. For naive users who are most likely to get caught,
additional protections are justified. Not every PC in the company has
to have the same security posture as the IT staff.
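
As an added illustration of the "configuring for protection" point (this is example code written for this page, not part of the column or of any mail product), here is a gateway-side attachment check with a stricter policy for general users than for IT staff. The extension list, the group names and the actions are assumptions, and the sample messages are constructed with inert payloads.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions this example treats as directly runnable on a desktop.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}

# Assumption: two hypothetical user groups; general users get the stricter posture.
POLICIES = {
    "general": {"executable": "quarantine",
                "archive_with_executable": "quarantine",
                "unreadable_archive": "quarantine"},
    "it_staff": {"executable": "quarantine",
                 "archive_with_executable": "tag",
                 "unreadable_archive": "tag"},
}
SEVERITY = {"deliver": 0, "tag": 1, "quarantine": 2}


def extension(filename):
    """Final extension, lower-cased, so 'report.txt.scr' yields '.scr'."""
    name = (filename or "").strip().rstrip(".").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def classify_attachment(filename, payload):
    """Classify one attachment by its name and, for zip data, member names."""
    if extension(filename) in EXECUTABLE_EXTS:
        return "executable"
    if zipfile.is_zipfile(io.BytesIO(payload)):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                # With standard zip encryption the member names stay readable
                # even when the member data is password-protected.
                names = archive.namelist()
        except zipfile.BadZipFile:
            return "unreadable_archive"
        if any(extension(n) in EXECUTABLE_EXTS for n in names):
            return "archive_with_executable"
    elif extension(filename) == ".zip":
        return "unreadable_archive"  # named .zip but not parseable as one
    return "clean"  # nested archives are not unpacked in this example


def evaluate_message(raw_bytes, group):
    """Return (verdict, findings); the verdict is the strictest action seen."""
    rules = POLICIES[group]
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    verdict, findings = "deliver", []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        kind = classify_attachment(part.get_filename(), payload)
        action = rules.get(kind, "deliver")
        findings.append((part.get_filename(), kind, action))
        if SEVERITY[action] > SEVERITY[verdict]:
            verdict = action
    return verdict, findings


def zip_of(member_name, data):
    """Build an in-memory zip holding one member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def build_sample(filename, payload, subtype="octet-stream"):
    """Build a constructed message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    inert = b"constructed placeholder bytes, not a program"
    sample = build_sample("document.zip", zip_of("document.txt.scr", inert), "zip")
    for group in POLICIES:
        print(group, evaluate_message(sample, group))
```
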




Snyder, a Network World Test Alliance partner, is a senior partner at
Opus One in Tucson, Ariz. He can be reached at
joel.snyder@opus1.com.


REALITY CHECK

Thomas Nolle

Lessons from the telecom rise

The Nasdaq crash and bursting of the tech bubble taught us a lot
about the telecom industry, including the basic truism that
businesses must show a profit no matter how cool or revolutionary
their technology might be. What can we learn from the recent rise in
our industry’s fortunes?

It doesn’t seem like a clear victory for convergence. TDM player
Tellabs has gained about 70 cents in stock price over the last year.
IP player Juniper, in the same period, gained about $20. That’s a
pretty clear vote in favor of IP over TDM. Cisco and 3Com both
doubled their stock prices, and Avici Systems nearly quadrupled its
price in that same period. But Lucent and Nortel, hardly bastions of
packet commitment, also more than doubled their prices. A lot of IP
start-ups went out of business.

Optical isn’t a clear winner, either. Ciena didn’t do much better
than Tellabs, and JDS Uniphase lagged Cisco and 3Com. We’re not
seeing a clear victory at the technology level.

So what are the business lessons here? It’s clear from the reports of
enterprise players that IT spending actually is ramping up a lot
faster than doomsayer surveys showed it would at the end of 2003.
That includes network spending. It’s also clear that the money is
going disproportionately to incumbent players that have a strong
sales presence in enterprise accounts. The same thing is true in the
service provider area, though it’s lagging the enterprise area by
about four months. The old business adages of feet-on-the-street and
account control seem to carry more weight than technology
revolutions.

Or maybe we’re learning that the tech revolution isn’t revolutionary.
It would be fair to say that a lot of the revolutionary furor of the
bubble has been co-opted by the establishment. Tellabs and Ciena both
bought IP service switch vendors. Cisco is targeting the same RBOCs
it almost laughed at in 2000. IBM and Novell are competing to be the
leaders in open source and Linux. DSL is becoming the RBOCs’ private
reserve, and technologies such as 802.11 seem to be moving to a role
of supporting incumbent carriers instead of displacing them. AT&T is
championing VoIP. It’s like having all the Generation Xers become
lawyers or politicians. Is it selling out or the “new maturity”?

Neither; it’s getting real. Maybe that’s a good thing or at least an
inevitable thing. Remember our lesson from the fall: profits count.
Just because you can invent something doesn’t mean you can
commercialize it, and commercialization means more than just earning
money. It means popularizing something, making it a part of our
industry and culture. The lesson of the rise is that technology
matters when it’s delivered into the real world.

We’re entering a different kind of age, an age where what is
important to real buyers is also important to real sellers. A lot of
the things we’ve talked about for the last four years, from VoIP and
convergence to wireless and Linux and free telephony and universal
Internet and consumer broadband, are going to happen for real in
2004. It’s not going to be a story of revolution because all the
revolutionaries died off in the crash. It’s a story of assimilation.
Trusted service or equipment providers will take those revolutionary
bubble ideas that were good in a commercial sense and present them in
a sanitized and successful form. For many it will be hard to tell if
that’s exciting news or a defeat of innovation.

But what is innovation without execution? Does the product or service
that changes minds and never changes lives really mean anything? We
had an intellectual revolution in telecom in 2000, a purge of hope in
2001 and now a (perhaps) conventional execution of some shadows of
those revolutionary ideas. It’s quite a gamut, but is it good? Is it
a sellout of ideals to taste success from an establishment well?

Why not wait till the end of this year, when our industry and your
own life is flush with some new (and earned) prosperity to decide
whether you like this new age better?




Nolle  is  president  of  CIMI,  a  technology  assessment  firm  in  Voorhees,  NJ. 
He  can  be  reached  at  (856)  753-0004  or  tnolle@cimicorp.com. 
NETWORK INTRUSION-PREVENTION SYSTEMS

INSIDE

Rate-based IPS products: Top Layer stands out based on its ability to
direct and block denial-of-service attacks. Page 70.

Content-based IPS products: ISS, NetScreen, TippingPoint are
enterprise-ready. Page 72.

An alternative: The ForeScout honeypot IPS option.

MORE ONLINE

PRODUCT REVIEW

• The EcoNet.com IPS service.
• How we conducted our tests.
• Issues with testing performance.
• Questions to ask your IPS vendor.
• Update on products tested.

www.nwfusion.com, DocFinder: 9723
An ounce of intrusion prevention may cure your network security ills

IPS TESTED ON A LIVE PRODUCTION NETWORK

Talk about jumping on a bandwagon. When Gartner last summer declared
“IDS is dead, long live IPS,” marketeers everywhere picked up the
intrusion-prevention system buzzword and ran with it. Like the VPN
craze of three years ago, when every product having anything to do
with virtualization or privacy got the VPN label, IPS products of
every shape, size and description have started to crowd the market.

With our first “In the Wild” IPS test, we’ve spent the last five
months testing 11 products on our live distributed network connecting
sites in Los Angeles, San Jose and Tucson, Ariz., to help sort out
the real from the rhetoric. We looked at what the products can
detect, how powerful and flexible they are in blocking traffic, and
how their management systems can support real network topologies (see
How we did it at www.nwfusion.com, DocFinder: 9626).

This review provides a wealth of data on the features and
manageability of these products. However, because these products
manage malicious traffic differently, we did not assess performance
(see Why no performance tests, DocFinder: 9627).

You can't have it both ways

While many products include rate-based and content-based controls, no
product does an outstanding job at both simultaneously. That’s
because vendors need to strike a balance between adding CPU- and
memory-intensive features, while keeping latency to a minimum. This
chart shows the design features of the products. Those closest to the
upper left are the “purest” rate-based; those at the bottom right are
the “purest” content-based. Those closest to the dotted line are the
most blended products.

We defined an IPS as an in-line product that focuses on identifying
and blocking malicious network activity in real time. We set the
in-line criteria because this is the segment of the market that
offers the widest array of IPS technology. In doing so, we understand
we excluded some good intrusion-prevention technology (see story,
page 73).

Vendors participating comprised several well-known security firms,
including Check Point, Internet Security Systems, NetScreen
Technologies and Top Layer Networks; and newcomers Captus Networks,
DeepNines Technologies, EcoNet.com, Lucid Security, StillSecure,
TippingPoint Technologies and Vsecure Technologies.

These products fall into two general categories: rate-based products
and content-based (also referred to as signature- and anomaly-based)
products. Products from both sets generally look like firewalls and
often have some basic firewall functionality. But firewalls block all
traffic except that which they have a reason to pass; IPSs pass all
traffic except that which they have a reason to block.

Rate-based  IPS  products  block  traffic 
based  on  load:  too  many  packets,  too 
many  connects,  too  many  errors.  In  the 
presence  of  too  much  of  anything,  the 
rate-based  IPS  kicks  in  and  blocks,  throt¬ 
tles  or  otherwise  mediates  the  traffic.The 
most  useful  ratebased  IPS  includes  a 
combination  of  powerful  configuration 
options  and  a  broad  range  of  response 
technologies  (see  story  page  70). 

■ BY JOEL SNYDER, DAVID NEWMAN AND RODNEY THAYER, NETWORK WORLD GLOBAL TEST ALLIANCE

We also found variation in defining what is too much traffic and in deciding what to do about it. Configuring an IPS to describe “too much” is difficult even for savvy network professionals, and there was little agreement from vendors as to the best approach to limiting traffic. Because rate-based IPSs require frequent tuning and adjustment, they will be most useful in very high-volume Web, application and mail server environments.

Content-based products block traffic based on attack signatures and protocol anomalies (see story, page 72). Worms, such as Blaster and MyDoom, that match a signature can be blocked. Packets that don’t follow the many TCP/IP RFCs are dropped. Suspicious behavior such as port scanning triggers the IPS.

The best content-based IPSs offer a range of techniques for identifying malicious content and many options for how to handle the attacks, from simply dropping bad packets to dropping future packets from the same attacker, and reporting and alerting strategies. With IDS-like technology identifying threats and blocking them, content-based IPSs can be used deep inside the network to complement firewalls and provide security policy enforcement.

Snyder is a senior partner at Opus One in Tucson, Ariz., and can be reached at Joel.snyder@opus1.com. Newman is president of Network Test in Westlake Village, Calif., and can be reached at dnewman@networktest.com. Thayer is an independent security consultant and can be reached at rodney@canola-jones.com.
Go with the flow

Rate-based IPSs detect detailed changes in traffic flow.

■ BY JOEL SNYDER, DAVID NEWMAN AND RODNEY THAYER, NETWORK WORLD GLOBAL TEST ALLIANCE

IPS TESTED ON A LIVE PRODUCTION NETWORK

We deployed four rate-limiting intrusion-prevention system products on our live, three-site network. Those products were Captus IPS 4100 from Captus Networks, Sleuth9 from DeepNines Technologies, Attack Mitigator IPS from Top Layer Networks and NetProtect LG100 from Vsecure Technologies.

Our criteria for testing these products followed the requirements of any network professional using one:

• How does the product let you define what traffic to control and set the limits?

• How can you define policy on the IPS regarding what it should do when limits are exceeded? How well does it execute that policy?

• What does it offer in terms of tuning and discovery tools?

• What does it offer by way of management wares?

• Is content-based IPS or basic firewalling included?

Attack Mitigator IPS quickly moved to the top of the heap because of its comprehensive tools for managing multiple kinds of distributed denial-of-service (DoS) attacks.

Identifying  the  bad  guys 

Rate-based IPS devices must provide detailed control of traffic flow. Tuning the IPS means telling it which traffic to look at and what the limits are on that traffic. We discovered wide variation in product capabilities and in how much you must know about your network to use them.

All four products let you define what applications and servers you want to protect, usually by identifying a combination of source and destination IP addresses, along with source and destination port and protocol. In most cases, either the source or destination address will be a wildcard (indicating “the Internet”). For example, you might limit queries to your DNS server to 1,000 per second. Simple rules covering bandwidth and connection limiting (often called SYN flood protection) are something you can do in any rate-based IPS.

In terms of providing sophisticated rate controls, Attack Mitigator IPS maintains knowledge of connection state for traffic flowing through it. While other products can detect floods of traffic or connection requests, Attack Mitigator can tell whether connections are being built up slowly on a protected server. That intrusion technique, common in DoS attacks, could slip by the other products.

A similar, but not as powerful, feature is in NetProtect LG100. You can define a connection flood protection for a service on a particular system, but you can’t say how many connections that service can support. You have to pick one of four values for “sensitivity”: minor, low, medium or high. Neither Vsecure’s GUI nor its documentation gave sufficient meaning to what those values are. NetProtect detects idle connections building up from a single source, but not more sophisticated attacks that slowly keep sending small bits of data or are distributed across a large number of systems.
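
The two paragraphs above separate three kinds of check: a connection-rate limit, a per-source connection count, and server-wide connection-state tracking. The following added example (not code from the article or from any tested product) runs all three over constructed traffic; the addresses, event format and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict


def constructed_events():
    """Constructed sample: (second, source_ip, event) for one protected server."""
    events = []
    # Normal load: 20 clients each open a connection every second
    # and close it one second later.
    for t in range(60):
        for i in range(20):
            src = f"198.51.100.{i + 1}"
            events.append((t, src, "open"))
            events.append((t + 1, src, "close"))
    # Slow build-up: 40 sources each open one connection every 4 seconds
    # and never close it.
    for t in range(0, 60, 4):
        for i in range(40):
            events.append((t, f"203.0.113.{i + 1}", "open"))
    # Within one second, process closes before opens.
    events.sort(key=lambda e: (e[0], e[2] == "open"))
    return events


def first_rate_alarm(events, max_opens_per_sec):
    """Flood detector: first second in which new connections exceed the rate limit."""
    opens = defaultdict(int)
    for t, _src, ev in events:
        if ev == "open":
            opens[t] += 1
            if opens[t] > max_opens_per_sec:
                return t
    return None


def first_state_alarm(events, max_concurrent, per_source=False):
    """State tracker: first second in which open connections exceed the limit.

    per_source=True counts connections held by each source separately;
    per_source=False counts everything held open on the protected server.
    """
    held = defaultdict(int)
    for t, src, ev in events:
        key = src if per_source else "*"
        if ev == "open":
            held[key] += 1
            if held[key] > max_concurrent:
                return t
        elif held[key] > 0:
            held[key] -= 1
    return None


if __name__ == "__main__":
    ev = constructed_events()
    print("rate limit 100/s      :", first_rate_alarm(ev, 100))
    print("20 held per source    :", first_state_alarm(ev, 20, per_source=True))
    print("300 held on the server:", first_state_alarm(ev, 300))
```

In this sample the new-connection rate never passes 60 per second and no single source holds more than 15 connections, so only the server-wide count of held connections raises an alarm.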

Other types of limiting technologies these products offer might be useful in environments where the traffic mix and parameters are known. For example, Captus lets you make decisions based on average packet size, while Vsecure detects the mix of protocols (TCP vs. User Datagram Protocol [UDP] vs. Internet Control Message Protocol) and can shut things down if the mix doesn’t fit within your parameters. That’s an interesting idea, but gathering the data to apply these controls is a difficult exercise.

We ran into design issues with some of these products. The most severe was in Sleuth9’s adaptive filtering feature called “spike protection.” DeepNines engineers could not tell us exactly what the algorithm for spike protection is but did say that it limits traffic automatically whenever a system’s load exceeds historical levels. So if you have a back-up server that kicks in every night, the Sleuth9 could start dropping packets. Worse, you can’t tune or disable that feature.

Once an IPS identifies that reconnaissance activity or an attack is happening, the bigger question is: What are you going to do about it? For certain kinds of attacks, such as a port scan or a Code Red worm, the obvious answer is drop those packets. When you get into rate-based IPS, the options get more complex, and the issues at hand, more subtle.

The IPS 4000 offered the most sophisticated set of reaction options. You could identify an overload on an FTP server, for example, and initially start throttling traffic for a minute. If the overload continued, you could cut off access from the client overloading the server. If things went on for several minutes, you could send an alert. In all, Captus gives you four responses to bad traffic: send an alert, limit traffic levels, drop traffic entirely and reroute traffic.
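
The escalating reaction described above (throttle first, then cut off the offending client, then alert) can be written as a small policy ladder. This is an added example, not Captus' configuration language or code: the 60- and 180-second steps, the rule for deciding which client to cut off and the sample traffic are assumptions, and the 1,000-per-second limit reuses the article's DNS example.

```python
LIMIT_PER_SEC = 1000   # the article's example limit: 1,000 DNS queries per second
BLOCK_AFTER_S = 60     # assumption: throttle for a minute before cutting off a client
ALERT_AFTER_S = 180    # assumption: "several minutes" taken as three


def escalate(samples, limit=LIMIT_PER_SEC,
             block_after=BLOCK_AFTER_S, alert_after=ALERT_AFTER_S):
    """samples[i] maps client IP -> requests seen in second i.

    Returns the (second, action, detail) tuples in the order they fire.
    """
    actions, blocked = [], set()
    overload_start, alerted = None, False
    for sec, per_client in enumerate(samples):
        live = {ip: n for ip, n in per_client.items() if ip not in blocked}
        total = sum(live.values())
        if total <= limit:
            overload_start, alerted = None, False   # overload over: reset the ladder
            continue
        if overload_start is None:
            overload_start = sec
            actions.append((sec, "throttle", f"cap at {limit}/s"))
        lasted = sec - overload_start
        top_ip = max(live, key=live.get)
        # Cut off a client only when removing it alone ends the overload.
        # A distributed overload has no such client, so it stays throttled
        # and is escalated to an alert instead.
        if lasted >= block_after and total - live[top_ip] <= limit:
            blocked.add(top_ip)
            actions.append((sec, "block", top_ip))
        elif lasted >= alert_after and not alerted:
            alerted = True
            actions.append((sec, "alert", f"{total}/s for {lasted}s"))
    return actions


def single_heavy_client():
    """Constructed: two normal clients, plus one sending 1,500/s from second 10 to 109."""
    samples = []
    for sec in range(120):
        second = {"192.0.2.10": 300, "192.0.2.11": 200}
        if 10 <= sec < 110:
            second["203.0.113.5"] = 1500
        samples.append(second)
    return samples


def distributed_overload():
    """Constructed: 50 clients at 40/s each (2,000/s in total) for 200 seconds."""
    return [{f"198.51.100.{i + 1}": 40 for i in range(50)} for _ in range(200)]


if __name__ == "__main__":
    for name, data in (("single client", single_heavy_client()),
                       ("distributed", distributed_overload())):
        print(name, escalate(data))
```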

NetProtect and Sleuth9 offer the ability to block or limit traffic, but Top Layer adds a third option: connection proxying. This lets the Attack Mitigator protect systems before they are overwhelmed. In addition to limiting the number of connections, you can set thresholds for incomplete TCP connections that indicate suspicious behavior. Once these limits are surpassed, new connections will be proxied by the Attack Mitigator. If the connection completes, then Attack Mitigator passes the connection to the actual server. If things get worse, Attack Mitigator will start blocking all connections from malicious attackers.

Setting  expectations 

The biggest problem with deploying rate-based IPS products is deciding what constitutes an overload. For any rate-based IPS to work properly, you not only need to know what “normal” traffic levels are (on a host-by-host and port-by-port basis) but also other network details such as how many connections your Web servers can handle.

We expected help from these products in terms of network infrastructure discovery and network traffic patterning. Except for Top Layer, we were disappointed. Top Layer offers a documented methodology for putting its product into a network, including built-in tools that let you monitor your traffic, determine peak and average loads, and then use that to build your protection rules.

Some vendors insisted their basic installation includes a visit by a system engineer. When the DeepNines system engineer came to our lab, we asked how many weeks they’d have to baseline their product in a real customer installation to set levels properly. The system engineer estimated an hour and suggested we get a protocol analyzer. Vsecure’s NetProtect came with a network host and service discovery tool, but it didn’t provide long-term statistics, thereby only giving us half the picture needed to properly configure it.

The methodology question was most troubling with Captus, which has a 12-step methodology program, but it’s a one-time process assisted by a trained system engineer. The IPS 4000 itself doesn’t provide good performance statistics, which is a shame because the product is the most labor intensive to configure. The problem with any rigorous methodology, including Captus’, is that the cost to tune the product is high and thus discourages changes, even though traffic patterns change continually.

Management  styles 

IPS  management  was  very  inconsistent. 
Our  litmus  test  was  whether  each  device 

See  Rate,  page  74 


Net Results

Captus IPS 4100XT 1.2
Company: Captus Networks, (877) 922-7887, www.captusnetworks.com
Price: $12,000 for appliance; $10,000 for management console.
Pros: Advanced policy very flexible for complex environments.
Cons: Management system doesn't match product well; doesn't offer network performance data to help tune; can't limit TCP connections.

Sleuth9 3.5
Company: DeepNines Technologies, (214) 273-6996, www.deepnines.com
Price: $25,000 for unlimited users and includes Holistic Management Console.
Pros: Includes virus scan; offers many graphical reports on network state.
Cons: Underlying operating system hardening inconsistent; weak performance data; some IPS features can't be turned off; weak documentation and help; no reporting.

Attack Mitigator IPS 100 2.1.016
Company: Top Layer Networks, (508) 870-1300, www.toplayer.com
Price: $15,000
Pros: Good combination of rate-based with some content-based features; mirror port good; application connect rate and count blocking excellent; good performance monitoring.
Cons: Little reporting; no centralized management option means data can be lost if buffers overflow.

NetProtect Enterprise LG100 LAN Gateway
Company: Vsecure Technologies, (888) 895-7500, www.v-secure.com
Price: $20,000 to $25,000
Pros: Good whitelist design; innovative configuration model well thought out.
Cons: Confusing configuration system; protected hosts require comprehensive service description because of built-in firewall; poor documentation; no rate limiting, only blocking for malicious traffic.

Content  is  king 

Attack  signatures  trigger  a  range  of  responses  among  content-based  IPSs. 

■  BY  JOEL  SNYDER,  DAVID  NEWMAN  AND  RODNEY  THAYER,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


The in-line products we tested were Check Point’s InterSpect, EcoNet.com’s Sentinel IPS, Internet Security Systems’ Proventia G Series, Lucid Security’s ipAngel, NetScreen Technologies’ NetScreen-IDP 100, StillSecure’s Border Guard and TippingPoint Technologies’ UnityOne. Because EcoNet.com is a managed service rather than a stand-alone product, we discuss it separately (see Managed IPS alternative, www.nwfusion.com, DocFinder: 9725).

We installed each of these in our labs in Los Angeles, San Jose and Tucson, Ariz. (see How we did it, DocFinder: 9726) and assessed them from the perspective of network professionals looking to put an IPS into a production network.

• What does the product catch? What kind of malicious traffic is this designed to identify? Where did the engineers design this product to go in a network?

• How does the IPS block traffic? What other reactive techniques are available?

• How can the IPS be controlled? What features are available for management, configuration and tuning?

ISS, NetScreen and TippingPoint clearly fit our model of how an enterprise product should be built.

All six had some level of signature-based intrusion detection to help identify malicious or anomalous traffic. After that, we found four with limited rate-based control capabilities, two with connection flood (also called SYN flood) controls and one with built-in honeypot technology.

Finding intrusion-detection system (IDS)-style signatures and protocol-anomaly detection in these IPS devices was no surprise. IDS vendors are ideally situated to design IPS products because they’ve already thought about what it takes to identify malicious traffic. In three cases, the IDS inside looked very familiar. IpAngel and Border Guard are built on top of the open source Snort IDS engine. Proventia uses the ISS IDS engine inside.

Proventia ships with the entire ISS signature library, but only about 250 rules are enabled by default for the IPS function. These are rules that ISS is willing to guarantee will not generate false positives. We found a similarly reduced list in InterSpect and UnityOne. Balancing a short signature list to reduce false positives with enough signatures to make IPS useful is a constant battle for vendors as these products are installed and updated.

NetScreen has a huge signature library, but you have to define your internal hosts and vulnerable ports for the signatures to apply. For a large network, that would be a fairly tedious process. NetScreen will add automation tools in the next version of its IDP, shipping this quarter.

In a unique tack on turning signatures on and off, Lucid Security configures its ipAngel detection engine based on feedback from a vulnerability scan from a Nessus open source network scanner. If the scanner finds something vulnerable, ipAngel enables the IPS/IDS signature. Otherwise, it’s turned off.

Border Guard and UnityOne use a built-in nmap vulnerability scanner, but neither is as sophisticated in its use of scan data as Lucid is. Strangely enough, ISS, which sells one of the top vulnerability scanner products, has not yet linked its vulnerability scanner and IPS products.

We also found honeypot technology in NetScreen’s IDP. The idea behind a honeypot is that most attackers will do very broad-scale reconnaissance on a network as part of an attack. If you put a system out there that should never be legitimately connected to, then any connection to that honeypot system is suspect and represents potential malicious traffic, no matter the content. IDP can use specifically configured honeypot addresses and services to initiate a block against further traffic from the system connecting to it.

Rate-based controls were a welcome feature in these content-oriented IPS products, even if they did not meet the sophistication of other rate-based IPSs we looked at. Check Point, ISS, NetScreen and TippingPoint all brought rate-based controls to the table.

Check Point and NetScreen included sophisticated protection for connection floods with a TCP proxy. For example, NetScreen’s SYN Protector feature lets you define a combination of IP addresses and an application, then enable the protector. All TCP connections are proxied by the SYN Protector, eliminating some classes of connection flood attacks. The content-based IPSs we tested don’t have any sophisticated tools for User Datagram Protocol (UDP)-based protocols.

UnityOne, with its traffic management features, best straddles the line between the rate-based and content-based IPS camps. While it doesn’t offer intrusion-protection power comparable to the best rate-based products we tested, it does offer detailed bandwidth controls (source and destination addresses and application), and signatures that detect high connection rates.

What  does  it  do? 

We found that once bad traffic is identified, the IPSs we tested can:

• Drop the malicious traffic.

• Drop all future traffic on the same TCP or UDP connection.

• Actively try to close the connection by sending TCP reset packets to the client and server.

• Aggressively drop future traffic related to the attack traffic (for some period of time), such as from the same source IP address or network.

We expected that any IPS always would drop a malicious packet. We were surprised to find that ipAngel and Border Guard don’t always. Both detect problems within traffic, but use that information to modify the behavior of an associated firewall running on the IPS device, dropping future traffic from the offending IP addresses for some period of time. Lucid uses a Check Point Firewall-1; a proprietary firewall is included in the StillSecure IPS.

StillSecure also has a pre-emptive mode that uses compiled Snort signatures to drop traffic before it can pass through the IPS. The problem is that Snort is more powerful than StillSecure’s firewall and will catch some traffic that the firewall will pass. This is especially true in cases where an attacker intentionally tries to evade the IPS or obfuscate the underlying datastream.

All the IPS products, except for UnityOne, had the option to create dynamic, short-lived blacklists designed to protect the network from attackers. TippingPoint offered the option of limiting the bandwidth of types of malicious traffic. For example, if you want to allow pings, but not ping floods, you can write a signature to match ping (Internet Control Message Protocol request) packets and then permit, but rate-limit, them. ISS has a similar feature. We didn’t look directly at the issue of writing signatures, although ISS, NetScreen, StillSecure and TippingPoint all let you define your own.

Net Results

InterSpect 610*
Company: Check Point, (650) 628-2000, www.checkpoint.com
Price: $36,000
Pros: Advanced reporting, logging and graphing; high-availability options; good SYN flood protection; multi-interfaces and multi-zone policy make good internal IPS.
Cons: No centralized management; limited IPS tuning capabilities.
* early access code

NetScreen-IDP 100 Version 2.1r4
Company: NetScreen Technologies, (408) 543-2100, www.netscreen.com
Price: $16,500
Pros: Rule-based configuration makes tuning easy; pre-built IPS policy well thought out; honeypot features; high-availability features; many interfaces for core placement.
Cons: Forensics/logging not as strong as rest of product.

Proventia G200 with XPUD 22.6
Company: Internet Security Systems, (888) 901-7477, www.iss.net
Price: $12,000 for appliance and $2,400 for IPS content subscription.
Pros: Full IDS features available; excellent forensics tools; nicely designed and pre-loaded reaction policy to attacks.
Cons: SiteProtector management burden relatively heavy; no signature-based tuning.

Border Guard Gateway 4.2
Company: StillSecure, (303) 381-3830, www.stillsecure.com
Price: Starts at $5,000 with annual subscription or perpetual license options.
Pros: Dual-whitelist feature enables logging without blocking; per-signature tuning nicely done; blacklist features well-designed.
Cons: IDS-based IPS architecture might miss attacks; intentional IDS evasion not blocked; no rate limit controls.

IpAngel 2.42
Company: Lucid Security, (215) 371-3300, www.lucidsecurity.com
Price: Ranges from $4,000 to $17,000 with a 20% IPS and vulnerability subscription fee.
Pros: High-end Check Point Firewall-1 built-in; innovative Nessus-based auto-configuration.
Cons: Can't catch attacks that only take a single packet; weak GUI and too few configuration/control options.

UnityOne-200 Intrusion Prevention Appliance 1.3.4
Company: TippingPoint Technologies, (512) 681-8000, www.tippingpoint.com
Price: $25,000
Pros: Multi-interface option (40 ports); good rate-based controls for a content-based device; per-signature tuning good; exceptional reporting.
Cons: No auto-blacklist/evasion features; nmap-based configuration assistance poor.

There was little consensus among IPS vendors when we looked at how they addressed dropping active connections and blocking future traffic. For example, ipAngel not only drops the offending packet, but also all future packets from the attacking system for the next 60 seconds.

That simple blacklist strategy contrasted sharply with ISS’ approach. For each signature, ISS lets you define a variety of reactions, including simply dropping packets, closing connections or updating a blacklist. If you do update a blacklist, it’s not just a “drop everything from the attacker” choice. ISS lets you define many different blacklisting strategies. The defaults let you block future traffic from the same attacker to the same victim or combine IP addresses and applications. The simpler option isn’t even available. In a very obvious way, Lucid (and other vendors, including Check Point and StillSecure) disagree completely with ISS in their blacklisting strategy.

It's  hard  to  say  which  is  the  “right”  way  to 
handle  bad  traffic,  but  the  conservative 
approach  ISS  offered  seemed  like  it 
would  get  you  in  a  lot  less  trouble  with 
self-inflicted  denial-of-service  attacks  over 
the  long  run. 

In addition to dropping malicious traffic and adding IP addresses to blacklists, some IPSs give you additional options, ranging from dropping all other traffic for that particular connection to actively trying to tell the client and server that the connection is closed by sending TCP RST segments in both directions.

The problem is that not every signature deserves the same reaction. For example, a TCP packet with a wildly wrong sequence number probably shouldn’t cause a connection to be broken and a blacklist entry to be made, because it might be a forged packet. If you let anyone send you random TCP packets to shut down other people’s connections, you’d have a particularly brittle network. We appreciated the work that ISS and NetScreen did in designing the appropriate reaction to every signature rather than treating the entire IPS as a monolithic entity.
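
The cost of a coarse blacklist, and the forged-packet concern raised above, can be measured on constructed traffic. This is an added example, not any vendor's implementation: the scope names, addresses and traffic are assumptions, and the 60-second block time is the ipAngel figure quoted in the article.

```python
BLOCK_SECONDS = 60  # block duration the article reports for ipAngel

# Which packet fields a blacklist entry is keyed on (scope names are illustrative).
SCOPES = {
    "source": lambda src, dst, port: (src,),
    "source+victim": lambda src, dst, port: (src, dst),
    "source+victim+app": lambda src, dst, port: (src, dst, port),
}

# Constructed: one NAT/proxy address shared by many legitimate users,
# talking to four services on three internal servers.
GATEWAY = "192.0.2.50"
SERVICES = [("10.0.0.25", 25), ("10.0.0.53", 53),
            ("10.0.0.80", 80), ("10.0.0.80", 443)]


def constructed_traffic():
    """Packets as (second, src, dst, dport, matches_signature).

    One packet at t=5 trips a signature. It may be forged, or it may come
    from a single user behind the shared gateway; the IPS cannot tell.
    Every other packet is clean: one per service per second for two minutes.
    """
    packets = [(5, GATEWAY, "10.0.0.80", 80, True)]
    for t in range(120):
        for dst, port in SERVICES:
            packets.append((t, GATEWAY, dst, port, False))
    # Within one second, the signature-matching packet is seen first.
    packets.sort(key=lambda p: (p[0], not p[4]))
    return packets


def collateral_drops(scope, packets):
    """Count clean packets dropped because of a blacklist entry of the given scope."""
    key_of = SCOPES[scope]
    expiry = {}            # blacklist key -> second at which the entry expires
    dropped_clean = 0
    for t, src, dst, port, bad in packets:
        key = key_of(src, dst, port)
        if expiry.get(key, 0) > t:      # entry still active: drop the packet
            if not bad:
                dropped_clean += 1
            continue
        if bad:                         # drop this packet and add a blacklist entry
            expiry[key] = t + BLOCK_SECONDS
    return dropped_clean


if __name__ == "__main__":
    traffic = constructed_traffic()
    for scope in SCOPES:
        print(f"{scope:18s} clean packets dropped: {collateral_drops(scope, traffic)}")
```

With one signature hit, the source-only entry cuts the gateway off from every service for a minute, while the narrower scopes confine the damage to one server or one application.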

We also were concerned about how these products behaved when they encountered bad traffic: what information was kept and how could the network manager use it. Products took two tacks on this. ISS’ and TippingPoint’s products behaved like an IDS, providing a comprehensive forensics capability and detailed information about what happened and when.

Check Point, NetScreen and StillSecure took a more traditional reporting strategy, aggregating and collecting data. Check Point stands out with a tremendous set of reporting and logging tools. Because InterSpect is closely derived from Check Point’s Firewall-1, all the tools that are part of Firewall-1 are available in InterSpect. Having all that power actually makes the product look lopsided: the reporting side of InterSpect, with nearly 10 years’ worth of development and experience behind it, is more mature and complete than the newly written IPS side.

How  can  I  control  it? 

The scariest two words to an IPS vendor are “false positive.” These folks want you to trust the most critical parts of your network infrastructure to them. While some, such as Lucid Security and StillSecure, have a posture clearly aimed at protecting you from the Internet, encouraging you to place their devices at the perimeter of the network, the rest want you to put their boxes deep within your network. At that
location,  they  can’t  risk  false  positives  — 
it’s  better  for  bad  packets  to  get  through 
than  good  packets  to  be  blocked. 

One of the first management features we looked for was the ability to put the system into alert-only mode. The idea is to keep the IPS running, but never drop any traffic. You would want to do this for tuning purposes, and a network professional might want to run it in this mode if the IPS is ever suspected of causing network problems. ISS understands this issue and gave us a nice big button in the GUI to put its Proventia into alert-only mode. NetScreen pointed to its configuration versioning capability, which would let you create two configurations, one alert-only and one not, along with the ability to easily switch between them. All the other IPSs had a hard time with this simple request, either requiring some hardware rewiring or a more detailed modification of the security policy that was not easily reversible.

We also thought that most network professionals would want to have a whitelist capability: Tell the IPS that certain systems are not to be blocked for any reason. ISS, NetScreen, StillSecure and TippingPoint gave us nice levels of detail, down to the port or even to the signature level. Check Point’s whitelist function looked good in theory, but because of bugs in the late beta version we tested, we kept losing systems we added. Lucid had a less granular whitelist, which would probably be reasonable for most networks.

Another customization issue was network discovery. For many
application-layer signatures, there is an implicit assumption that
particular applications run on particular ports. We wanted to see how
the IPS devices adapted to our networks, including applications running
where they didn’t belong.

IpAngel looked, at first glance, like the answer to our problems. The
built-in Nessus scanner activating rules seemed like a great solution.
Scan your network once in a while, turn on and off the appropriate
rules, and you’re all set. But in our tests, Nessus might have found
our nonstandard mail server on Port 2525, but ipAngel didn’t activate
any signatures for that port. With ipAngel’s very weak Web-based GUI,
we didn’t have the option to fix this deficit ourselves.

We had a similar problem with UnityOne, which uses the simpler nmap
tool for system discovery: You can’t touch the configuration after nmap
defines the ports on which particular protocols run. StillSecure has
nmap, but this feature is not fully fleshed out. You can use the
results of an nmap scan to block traffic to nodes which nmap finds,
letting through traffic to systems that don’t exist.

On the other hand, products from ISS and NetScreen don’t have automated
discovery tools. Check Point’s InterSpect doesn’t give you the option
of defining services — if you’re running an application on a
non-standard port, you don’t get to protect that protocol with their
application-specific IPS features.
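The gap described above, between what a discovery scan finds and which ports the application-layer signatures actually watch, can be checked mechanically. The following is an added example, not code from the review or from any tested product; the decoder names, hosts and scan rows are constructed, and `build_bindings` and `coverage_gaps` are hypothetical helpers.

```python
# Constructed defaults: each protocol decoder and the single port it assumes.
DEFAULT_PORT_OF = {"smtp": 25, "http": 80, "dns": 53}

# Constructed discovery output: (host, port, service the scanner identified).
SCAN = [
    ("192.0.2.10", 80, "http"),
    ("192.0.2.25", 2525, "smtp"),   # non-standard mail server, as in the review
    ("192.0.2.30", 53, "dns"),
    ("192.0.2.40", 80, "smtp"),     # application running where it doesn't belong
    ("192.0.2.50", 5060, "sip"),    # service the IPS has no decoder for
]


def build_bindings(scan, default_port_of, use_discovery):
    """Map (host, port) -> protocol decoder the IPS would apply.

    use_discovery=False models a product that trusts default ports only.
    use_discovery=True models one where scan results (or an administrator)
    may rebind a decoder to the port a service was really found on.
    """
    by_port = {port: proto for proto, port in default_port_of.items()}
    bindings = {}
    for host, port, service in scan:
        if use_discovery and service in default_port_of:
            bindings[(host, port)] = service
        else:
            # None means no application-layer inspection on this port.
            bindings[(host, port)] = by_port.get(port)
    return bindings


def coverage_gaps(scan, bindings):
    """List services whose traffic gets no decoder, or the wrong one."""
    gaps = []
    for host, port, service in scan:
        applied = bindings.get((host, port))
        if applied is None:
            gaps.append((host, port, service, "uninspected"))
        elif applied != service:
            gaps.append((host, port, service, f"decoded as {applied}"))
    return gaps


def report(use_discovery):
    """Gaps for the constructed network under one binding policy."""
    return coverage_gaps(SCAN, build_bindings(SCAN, DEFAULT_PORT_OF, use_discovery))


if __name__ == "__main__":
    for mode in (False, True):
        print("use_discovery =", mode)
        for gap in report(mode):
            print("  gap:", gap)
```

With default ports only, the mail server on Port 2525 goes uninspected; with discovery-driven bindings the only remaining gap is the service for which no decoder exists at all.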

Wrapping  up 

One of the most solid products was UnityOne. With a clear interest in
core-of-the-network implementation, it offers a good base for a simple
IPS. TippingPoint didn’t stand out with flashy features, but the
architecture of the product and the capabilities it did offer make it a
product to watch.

In the category of products we’d buy for our own networks are the ISS
and NetScreen boxes. NetScreen’s clean implementation looked solid in
every way. ISS, likewise, clearly brings a serious understanding of
what an IPS should do to this market. ■


ForeScout  pitches  honeypot  technology  as  IPS 


While we found 11 vendors that met our criteria for inline
network-based intrusion-protection systems, more vendors still wanted
to be tested even though their products didn't fit our particular bill.

One  that  caught  our  attention  was  ForeScout 
Technologies'  ActiveScout.  We  found  ActiveScout  to  be  a 
kind  of  honeypot  that  can  be  used  to  efficiently  identify  and 
block  traffic  from  the  automatic  attack  tools  that  most 
amateur  hackers  use. 

ActiveScout sits in the network on a monitoring port, typically outside
the corporate firewall. ActiveScout has no real services and protects
no real systems. Instead, it simulates a variety of applications that
could be interesting to attackers. The theory is that anyone who
connects to one of these simulated applications is up to no good. At
that point, ActiveScout uses its monitoring capabilities to attempt to
reset any TCP connections from the attacker and reprogram the corporate
firewall to block traffic. ActiveScout can take this a step further by
feeding back "poison" information to the attacker, such as a particular
Netbios name. If connection attempts show up from other sources with
this poison information, ActiveScout will block traffic from those
sources as well.

The benefit of ForeScout's approach is no false positives. Because
you're not looking for a signature or any other protocol anomaly, you
don't have to worry about misdetecting potential attacks. It's
behavioral: Anyone touching that box must be bad and stopped.


What  ForeScout  doesn't  advertise  is  the  flip  side  of  no 
false  positives:  Lots  of  false  negatives.  Only  someone  who 
actually  does  reconnaissance  using  this  model  will  get 
caught.  If  the  bad  guys  already  know  where  the  Web  server 
is  —  maybe  they  looked  it  up  in  the  DNS  —  ActiveScout 
won't  do  anything  about  the  attack. 
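The decoy logic and its blind spot, as described in the paragraphs above, can be replayed over a handful of connection records. This is an added illustration, not ForeScout's code or the reviewers'; the addresses, the bait naming scheme and the `DecoyMonitor` class are constructed, and a verdict of "block" stands in for the TCP reset and firewall update the sidebar mentions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dport: int
    presented_name: Optional[str] = None  # name the client used, e.g. a NetBIOS name


@dataclass
class DecoyMonitor:
    decoys: Set[Tuple[str, int]]                           # simulated services only
    blocked: Dict[str, str] = field(default_factory=dict)  # src -> reason
    bait: Dict[str, str] = field(default_factory=dict)     # bait name -> src it was fed to

    def _issue_bait(self, src: str) -> str:
        name = f"FILESRV-{len(self.bait) + 1:04d}"  # constructed naming scheme
        self.bait[name] = src
        return name

    def observe(self, c: Conn) -> Tuple[str, Optional[str]]:
        """Return (verdict, bait name fed back to the client, if any)."""
        if c.src in self.blocked:
            return "block", None
        if c.presented_name is not None and c.presented_name in self.bait:
            # A different source is using a name that only a decoy ever gave out.
            origin = self.bait[c.presented_name]
            self.blocked[c.src] = f"reused bait first fed to {origin}"
            return "block", None
        if (c.dst, c.dport) in self.decoys:
            # No legitimate client has a reason to talk to a simulated service.
            self.blocked[c.src] = "touched decoy service"
            return "block", self._issue_bait(c.src)
        # Traffic that never touches a decoy or a bait name is not judged at all.
        return "allow", None


# Constructed topology: decoys and one real Web server.
DECOYS = {("192.0.2.50", 139), ("192.0.2.50", 21), ("192.0.2.51", 80)}
REAL_WEB = "192.0.2.10"

# Constructed event stream.
EVENTS = [
    Conn("203.0.113.7", "192.0.2.50", 139),                # sweep lands on a decoy
    Conn("203.0.113.7", REAL_WEB, 80),                     # same source, real target
    Conn("198.51.100.22", REAL_WEB, 445, "FILESRV-0001"),  # new source reusing the bait
    Conn("198.51.100.99", REAL_WEB, 80),                   # went straight to the server
    Conn("198.51.100.23", REAL_WEB, 445, "PAYROLL"),       # a name that was never bait
]


def replay(events: List[Conn]) -> Tuple[List[str], DecoyMonitor]:
    """Run the events through a fresh monitor and collect the verdicts."""
    mon = DecoyMonitor(decoys=set(DECOYS))
    verdicts = [mon.observe(e)[0] for e in events]
    return verdicts, mon


if __name__ == "__main__":
    verdicts, mon = replay(EVENTS)
    for event, verdict in zip(EVENTS, verdicts):
        print(verdict, event)
    print(mon.blocked)
```

The fourth record is the false negative: a source that already knows where the Web server is never touches a decoy, so nothing in this model has grounds to judge it.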

Nevertheless, the great majority of Internet attacks, what we called
"background radiation," use a pattern that is susceptible to the kind
of technology ForeScout offers. This is why some of the IPS tools we
looked at include honeypot features as well, although not with
ActiveScout's level of sophistication.

ForeScout's approach eliminates a lot of fairly irrelevant information
that would otherwise fill up intrusion-detection system, firewall and
IPS logs. Because one major problem in enterprise security deployments
is the overwhelming difficulty of dealing with thousands or hundreds of
thousands of events each day, anything that reduces the size of these
logs is a great assistance. Of course, network managers have to balance
the value of a tool with the cost of deploying and managing yet another
network security element.

ActiveScout  complements,  rather  than  competes  with, 
the  IPS  products  we  tested.  While  ActiveScout  might  not 
deter  serious  attackers,  it  can  help  protect  you  against 
configuration  errors  and  sloppy  mistakes.  Used  properly, 
it  will  quiet  down  the  background  radiation  of  the  Internet. 

—  Joel  Snyder  and  Christine  Burns 
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offered an alert-only mode where it watches for bad packets but does
not block them. With Top Layer and Vsecure, it’s trivial to flip the
device into and out of alert-only mode. For DeepNines and Captus,
changing mode means making bigger — not easily reversible — changes to
the configuration.

Other management features varied from the simple to the Byzantine in
scale and presentation. Top Layer, with its device-based Web
configuration tool, was modest in its presentation. Top Layer let us
configure a single IPS quickly and without confusion. The downside is
that Top Layer’s management tool is an element-based configuration
utility and as such won’t scale if you wanted to manage multiple
devices. The vendor’s optional SecureWatch tool aggregates and displays
statistics from multiple devices, but that’s as far as it goes.

Captus,  DeepNines  and  Vsecure  brought 


in more elaborate tools to handle multiple IPS devices. Although
central management was an enterprise-oriented feature with these three
products, none let us manage the configuration on more than one device
at a time. We found bugs in DeepNines’ and Vsecure’s systems. Vsecure’s
GUI was happy to let us change configuration within the management
system. However, to actually activate changes, you have to push them
out to the device, at which point we found the GUI occasionally
crashes.

Captus’ overall management scheme puzzled us. It’s massive, with
graphical elements sitting all over the place, zooming in and out, and
providing multiple views of network topology. But it only talks to the
IPS devices. It seems that Captus started with an enormous concept of a
carrier-class network management station and then seriously
underutilized it in its enterprise IPS product. At the same time, the
part of the GUI used to manage the parameters of the IPS was almost
ignored. Defining a policy for the Captus product would be much easier
from the command line — a nod to the Cisco-familiar workforce that
likely would install and configure this product.


Beyond  rate-based  controls 

The most common additional feature shipping with these products was a
firewall, either stateful or simple packet filtering. All can block
traffic and act as a basic firewall, limiting exposure to services that
should not ever be accessible through the IPS device. All products also
could identify and block port scanning.

Beyond that, DeepNines, Top Layer and Vsecure had some capability to
block protocol-based attacks, such as illegal TCP flag combinations
used by hackers during reconnaissance. DeepNines also was able to look
for viruses, and Top Layer bridged into the content-based IPS world by
also scanning for known problem URLs.

With a clear focus on the problem of DoS and distributed DoS attacks,
Top Layer brings together all the tools needed to protect against the
widest variety of intentional and unintentional problems. Captus’
IPS4000 had an astonishing level of detail and control when it comes to
managing packet flows. The Captus product fits better into a service
provider or corporate Web hosting environment where you can get a
precise measure of what it is you want to do in a static environment.
DeepNines and Vsecure fit better into our model of a small network with
light and constant loads. ■


Global Test Alliance

■ Snyder, Newman and Thayer are members of the Network World Global
Test Alliance, a cooperative of the premier reviewers in the network
industry, each bringing to bear years of practical experience on every
review. For more Test Alliance information, including what it takes to
become a member, go to www.nwfusion.com/alliance.
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You can also see Metzler in person Feb. 24 in Chicago and Feb. 26 in
Santa Clara, as he headlines the Network World Technology Tour “Network
Management: The New Business Focus.” For more information, go to
www.nwfusion.com/events/itseminars.html.


Performance matters

Survey respondents were asked to indicate the primary technique that
their organization uses to manage application performance once an
application has been deployed.

13%  We make no attempt to manage or monitor performance.
22%  We throw capacity (i.e. more servers) at the problem.
17%  We have tools and processes that we use to manage and monitor applications proactively.
48%  We have tools and processes to manage and monitor applications, but typically we only use them on a reactive basis.

Network  pros  sink  their  teeth 
into  managing  applications. 


■  BY  JIM  METZLER 

As  recently  as  two  years  ago,  the  typical 
network  organization  had  little  if  any 
responsibility  for  managing  application 
performance.  But  that  situation  has 
changed,  and  now  the  majority  of  network 
organizations  are  actively  engaged  in 
application  management. 

“Because it is common to blame the network for poor application
performance, networking organizations have no choice but to be actively
involved in applications management,” says Terry Dymek, senior director
of EMC’s internal IT organization.

To quantify the state of the art in app management, Ashton, Metzler &
Associates surveyed more than 100 network professionals. We found that
network organizations have made great progress relative to applications
management, but there is still a long way to go.

It’s  all  about  the  apps 

According to the survey respondents, a primary reason that applications
management has become so important is that the majority of business
managers see the value of IT as coming primarily from applications,
rather than the supporting infrastructure.

Karl Wagner, director of global network and telecommunications for
PricewaterhouseCoopers’ internal IT organization, puts it this way:
“The network is regarded as the pipes and sewers of a city while
applications are shiny glass, architecturally pleasing buildings that
everyone sees above ground.”

Another major survey find is that IT professionals regard applications
management as the most difficult component of network and systems
management. To respond to the importance and the difficulty of
applications management, successful enterprise IT organizations use two
related approaches. One is to model and profile applications to
quantify applications performance. The second is to implement ongoing
applications monitoring.

Applications  modeling 

This technique lets IT organizations simulate the performance of an
application before deployment. It would be nice if there was a generic
model that provides meaningful insight into the performance of an
enterprise application such as SAP. However, this goal is difficult to
achieve because of the level of application customization that
typically occurs.

In particular, most companies make changes to standard applications
before they are deployed. In many cases, even a minor change can result
in the modified system behaving significantly differently than the
standard application. Wagner points out that each SAP implementation is
unique and hence performs differently.

Application  profiling 

Dymek says the generic information he gets about application
performance from major software providers such as Oracle and Microsoft
doesn’t help much when it comes to his specific network. So he has
instituted a program by which his organization works with the
application developers to profile application performance at various
stages in the application development life cycle. According to Dymek,
application profiling lets him set appropriate expectations as to how a
given application will perform on a worldwide basis. In some cases, the
insight gained by profiling an application also has caused the
application developers to change the software.

Ongoing  applications  management 

Our data (see graphic, left) clearly indicates that network
organizations have come a long way in terms of application management.
For example, while 22% of organizations still throw capacity at
performance issues, that technique is not as widespread as it used to
be. It’s a far less popular approach than using tools to manage and
monitor applications, which 48% of respondents said was their primary
technique.

One way that companies avoid throwing bandwidth at performance issues
is to implement quality of service (QoS).

Dymek says his organization has implemented QoS throughout the Asia
Pacific region to reduce the cost of expensive WAN links. QoS lets
Dymek give applications from companies such as Oracle and Clarify the
priority they need to perform well, while introducing only modest
degradation in the performance of less critical types of traffic such
as FTP and e-mail.

Dymek also says his organization has established goals for network
latency and that they continually monitor the network to determine
whether or not they are meeting their goals. However, Dymek pointed out
that the monitoring they do is not application-specific in part because
he has not been able to find a monitoring tool that can manage
application performance, particularly of n-tier applications that use
Web services.

“The network management suppliers are just now catching up with Cisco’s
ability to provide QoS and provide corresponding queue-level
performance measurements. Before QoS, standards management methods
included SNMP polling and ping measurements. With QoS, these SNMP
polling latency and ping measurements cease to provide meaningful
measurements. Network management suppliers must instead rely on queue
measurements from routers,” Wagner says.

Our data also indicates that network organizations still have a long
way to go. For example, while most organizations have tools and
processes to manage and monitor applications on an ongoing basis, only
17% use these tools and processes in a proactive manner.

Pulling  it  together 

Organizations that are serious about managing one or more applications
should start by reviewing any models that have been developed that can
provide insight into the performance of the application. Application
profiling can provide details about how their implementation of an
application is likely to perform. While techniques such as QoS can
ensure network performance, the biggest challenge organizations will
face is to implement tools and processes that directly enable the
management of complex applications.

Metzler is vice president of Ashton, Metzler & Associates. He can be
reached at jim@ashtonmetzler.com.
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Connected  commuters 

The  business  travel  industry  outfits  planes,  trains  and  automobiles  with 
Wi-Fi  to  attract  and  retain  new  passengers  in  a  tight  market. 

■  BY  LAUREN  GIBBONS  PAUL 


Think it’s cool to surf the ’Net via a Wi-Fi hot spot while waiting to
board your flight in an airport lounge? Well, the business and commuter
travel industries are poised to go one better. Wireless 802.11 Internet
access is coming soon to planes, cars, trains, limos, buses and even
boats.


Plagued by a brutal post-Sept. 11 downturn and ongoing terrorism fears,
travel providers say they hope to win customers who want their Wi-Fi.
No matter what the mode of transport, attracting new passengers and
retaining old passengers is paramount.

“This is a value-add for the passenger,” says Craig Mathias, principal
at consulting firm Farpoint Group. Business travelers will go out of
their way to pick a flight or train that has reasonably priced Internet
access, Mathias says — not having to face a pile of e-mail later is a
huge benefit.

The business case is unclear. Neither carriers nor wireless vendors are
certain how much passengers will be willing to pay or of the ROI for
necessary infrastructure spending. But that hardly dims Wi-Fi’s bright
outlook for business travel and commuting. “Even if it doesn’t turn out
to be profitable, it’s still increasing ridership,” says Phil Solis,
senior analyst at ABI Research.

Wi-Fi  trials  are  springing  up  all  over  the  globe,  from 
Bay  Area  commuter  trains  to  a  Boston  luxury  coach. 
European  carriers  are  somewhat  ahead  of  their  U.S. 
counterparts.  France  is  well  into  the  process  of  rolling 
out  Wi-Fi  Internet  access  on  its  high-speed  TGV  train. 

As Wi-Fi test markets go, the region from San Francisco up to Oakland
is prime turf. The tech-savvy passengers here are likely to tote
laptops with Wi-Fi adapters. It was therefore natural that PointShot
Wireless last year approached the Capitol Corridor Joint Powers
Authority (CCJPA), the agency that operates a commuter train through
Silicon Valley, to begin a Wi-Fi pilot. Launched last October, the
yearlong trial is a partnership with the California Department of
Transportation and the University of California at Berkeley.

PointShot offered a sweet deal: At no charge, the company would install
its RailPoint Server, a proprietary product that combines several types
of modems, an 802.11b access point, router and content cache, and a
variety of antennas, both inside and on top of the train car. PointShot
would manage the system from its network operating center in Ottawa.

Transparent to the commuters, the type of WAN used to connect the car’s
wireless LAN to the Internet would switch from a cellular data network
to a satellite network, depending on which method provided the best
performance at the moment. “We have not spent any pocket money on this,
just my time,” says Jim Allison, senior planner for the Bay Area Rapid
Transit, part of the CCJPA. “We’re very happy we looked as attractive
as we did [as a candidate for the pilot].” PointShot declined to
disclose how much it invested in the Capitol Corridor pilot.

Users need only to turn on their Wi-Fi-enabled laptops, log on through
a Web page and begin working — configuration issues are minimal. So
far, Wi-Fi access is available on just one train in the whole route,
and that car could be anywhere on the line so passengers can’t plan on
using the service on a given day. “That’s one of the most unfortunate
things about this,” Allison says. Otherwise, usage and feedback on the
service, now offered for free, have been good.

Performance has been reliable if not lightning fast. “[Data access
speeds] are faster than 56K [bit/sec] typically but not as fast as DSL
or cable. Everyone is spoiled with high-speed internet at home and at
work,” he says.

PointShot  President  and  CEO  Shawn  Griffin  says  Wi-Fi 
speed  on  the  train  has  averaged  about  400K  bit/sec  per 
user,  which  degrades  somewhat  as  more  passengers  go 
online.  Performance  is  “better  than  dial-up,”  he  says,  but 
acknowledges  the  need  to  manage  user  expectations. 
“People  shouldn’t  expect  they’re  going  to  be  streaming 
video  from  CNN.  Not  this  year.  Maybe  next,”  Griffin  says. 

According  to  Allison,  the  cellular  WAN  is  the  bottleneck. 
Next-generation  cellular  technology  is  expected  to 
improve  performance.  In  addition  to  satellite,  other  WAN 
transport  modes  include  terrestrial  microwave  networks. 

Allison and his colleagues are putting out an RFP for a vendor to
operate the train’s wireless concession, handling the entire Wi-Fi
service. “We’re learning about the business model at this point. We
know the service works. We don’t really know how much people will pay
for it,” Allison says. He does not expect to outlay any cash for Wi-Fi
infrastructure but anticipates the state of California will share
revenue with the wireless concessionaire some time down the road.

As  the  launch  customer  for  Connexion  by  Boeing, 
Lufthansa  German  Airlines  is  arguably  further  along 
with  wireless  than  any  other  airline.  Boeing  announced 
its  Connexion  Wi-Fi  service  in  2000,  and  many  airlines 
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Read  up  on  Wi-Fi  deployment  in  limos  and  trains. 
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were quick to jump on board. The terrorist attacks in 2001 caused
almost all of them to scale back. “We were the only one to stick with
our plans,” says Michael Lamberty, manager at Lufthansa in Frankfurt,
Germany.

This quarter, Lufthansa will begin a two-year rollout of the service,
dubbed Lufthansa FlyNet, on its long-haul fleet. The airline will offer
news and weather content on its portal free of charge to users.
Connection charges to the rest of the Web will be about $25 to $35 per
session, according to Stan Deal, vice president of global network sales
for Connexion by Boeing.

While  air  travelers  who  used  Wi-Fi  on  Connexion  by 
Boeing  pilots  seemed  unfazed  by  those  prices,  that  rate 
would  be  too  high  for  those  on  the  ground.  “We  would 
never  be  able  to  support  a  price  of  $35  per  session,” says 


BUSINESS TRAVEL INDUSTRY: AT A GLANCE

The transportation sector in North America spent $10.5 billion on IT in
2003, says IDC. That sum includes $636 million for servers, $762
million on client systems, $600 million on peripherals and storage,
$740 million on network equipment, $2.55 billion on packaged software,
and $5.2 billion on IT services.

Business airfares will increase 5% in 2004 to an average of $1,273,
according to the National Business Travel Association.

Doug Werdebaugh, senior vice president of U.S. operations for Carey
International, a Washington, D.C., limousine service. The 5,000-car
company is testing Wi-Fi access through InMotion Technology on one car
in six major metropolitan markets, including New York and Boston.

The pilot has been successful enough for Carey to already begin
outfitting the rest of the fleet with service. Werdebaugh is not
convinced Wi-Fi access is imperative for its riders, 70% of whom are
businesspeople. Still, he says adding access is part of the firm’s
history of innovating, such as when the company was the first to offer
air-conditioned car service in 1921.

The business model remains cloudy at this stage, but it is only a
matter of time before the players figure out what the market will bear.
Mathias of Farpoint Group says it will take another two to three years
for Wi-Fi access to become widespread in these markets. “Once people
start using wireless, they don’t want to go back. The vendors and
carriers will come up with interesting pricing models that will get
just about every road warrior online,” he says.

Paul  is  a  freelance  writer  in  Waban,  Mass.  She  can  be 
reached  at  lauren.paul@comcast.net. 
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Cautious  growth 

As  IT  hiring  slowly  increases,  employers  seek  security,  Web  services,  Linux  and  business  skills. 


■  BY  JENNIFER  MEARS 

After two and a half years, James Barry is hiring again. To deal with
new, stringent regulatory requirements in the financial sector, the CIO
at OneUnited Bank in Boston has about $250,000 budgeted this year to
increase his 15-person staff by two or three positions.


“We are adding an assistant vice president of information technology,
an operations manager and a documentation specialist,” Barry says. “The
documentation specialist is the hot one. With all of the new and
emerging regulatory requirements, we are finding that we need to spend
more time putting pen to paper to describe the internal controls and
safeguards that we have in place.”

Analysts say issues such as increased regulatory scrutiny, coupled with
IT budgets that are finally turning around, are resulting in a pick-up
in IT hiring this year. But it will be slow, they say. In addition,
while expertise in areas such as Windows and Cisco network
administration continues to be in high demand, skills focusing on
security, Web services and Linux also are becoming hot. Analysts add
that isolated technical expertise is no longer enough.

“The people who are the top performers and tend to provide the greatest
value have a really unique perspective and a synthesis of a lot of
different things, not just technical skills,” says Diane Morello, a
vice president and research director at Gartner. “They have an
understanding of the business and the ability to anticipate what might
happen if the business changes in a particular way.”

It’s a trend that’s been going on for some time as IT becomes more
closely aligned with business. But until this year, IT managers
primarily have been reshuffling positions internally. Now some, such as
Barry, plan to add positions.

Carlson Companies, a marketing, travel and hospitality conglomerate
that employs about 190,000 people in 140 countries through its brands,
including T.G.I. Friday’s and Radisson Hotels & Resorts, did little IT
hiring last year, mostly using contract workers to fill in where
needed. So far this year, the firm has eight or 10 open positions for
an IT staff of about 900, says Jana Bertheaume, director of recruitment
at Carlson headquarters in Minneapolis. Most of those openings are new
positions.

While Carlson seeks Java and .Net skills, Bertheaume says the company
also is focused on hiring people who know more than technology.

“We’re looking for that combination person. The individual who’s got a
technical background, but also has the business savvy,” she says.
“Business analyst, project managers, people who have project
methodology.”

For the first time in three years, analysts are predicting significant
increases in IT budgets for 2004. IDC is the most optimistic, with an
estimate of as high as 8% growth for the year. But analysts say that
hiring increases, which usually lag budget upturns by about six months,
aren’t happening as quickly.

“It’s a very different transition this time around, and what
I think is different is that a lot of companies are offshoring,”
says David Foote, president and chief research officer at
Foote Partners.

Companies are taking a hard look at where they can outsource
to fill needs. That includes bringing in temporary
workers or hiring consultants, analysts say.

“If companies have guarded optimism rather than ‘we’re
going to the moon’ optimism, often times they’ll bring in
contractors first thinking if this isn’t really as good as I think
it is, I’m not making a full-time head-count addition,” says
Katherine Spencer Lee, executive director at IT staffing
research firm Robert Half Technology (RHT).

Gilbert Maldonado, systems information manager at
technology printing firm Capital Spectrum in Austin,
Texas, says his budget is being increased because of the
need to replace aging hardware. But instead of hiring new
people to help with the upgrades, Maldonado, who now
runs the firm’s IT department single-handedly after cutbacks
two years ago, says he’ll bring in temporary workers
or consultants.

Sought-out specialties

More than 1,400 CIOs surveyed by Robert Half
Technology in late 2003 expected these types
of IT expertise to be in the highest demand
this quarter:

Specialty:

18% Application development
13% Networking
12% Help desk/end-user support
9% Internet/intranet development
9% Data/database management
8% Project management
7% Information security
6% Systems analysis
18% Other/don’t know

Skills in highest demand*:

82% Windows administration
56% SQL Server administration
38% Cisco network administration
37% Visual Basic development
32% Check Point firewall administration
27% Active Server Pages development
19% XML development
16% Linux administration
15% Java development
14% .Net development
13% Oracle database administration
11% ActiveX development

*Multiple responses were allowed.

“We’re just not at the point yet that we need to add full-time
positions,” he says. “Maybe next year.”

An RHT survey of more than 1,400 CIOs last year found
that only 9% planned to increase their staff levels in the
first quarter of 2004. The good news is that just 6% said
they likely would make cuts. The majority, 84%, said they
expected no change.

“We’re not seeing a straight shot up out of the doldrums,”
RHT’s Lee says. “But we are certainly seeing improvement.”

Lee says she is seeing the biggest hiring increase in the
financial services and healthcare industries as they deal
with regulatory requirements. In addition, large mergers
and acquisitions are resulting in the need to hire IT staff to
help combine disparate systems. The transportation industry
probably will be the slowest to hire, she says.

As  for  what  positions  are  being  filled,  RHT’s  CIO  survey 
found  that  Windows  administrators  (NT/2000/XP)  are  in 
highest  demand,  with  82%  of  respondents  saying  they  had 
a  need  for  that  expertise.  SQL  server  administration,  Cisco 
network  administration,  Visual  Basic  development  and 
Check  Point  firewall  administration  were  also  at  the  top  of 
the  skills  list. 

Analysts say expertise in network security, particularly as
it relates to spam and wireless technology, also will become
important. Foote, who tracks pay rates for specific
skills and specialties, says now is the time for people to
jump into the security field.

“Our research has shown pay for information security
and security jobs, skills and certifications have been above
average for two years straight,” Foote says. “The writing is on
the wall: If you’re not in that business, you might want to
point your career toward that. ... Security hasn’t been a sexy
place to work. It hasn’t been funded very well. But clearly
when the smoke clears it will be funded, and it will be
funded well.”

Analysts  say  infrastructure  know-how,  such  as  network 
administration  and  management;  emerging  technologies 
such  as  Linux,  Java  and  .Net;  and  business  intelligence 
skills  are  in  high  demand.  Expertise  in  legacy  systems  such 
as  VAX,  COBOL  and  VMS  will  be  a  boon  for  prospective 
employees  only  if  they  also  have  expertise  in  how  those 
systems  can  communicate  with  newer  technologies. 

“People  who  haven’t  learned  anything  new,  not  kept  their 
skill  sets  current  and  don’t  have  a  desire  to  be  adaptable 
and  flexible  and  interact  with  the  rest  of  the  business  will 
have  a  tough  time,”  Lee  says. 

OneUnited’s Barry agrees: “In the past we would look for
NT gurus or [Cisco Certified Internetwork Experts]. Now
we are looking for people who understand not only the
technology but also the business requirement for the technology
and how the business benefits and survives from
the operation of the technology.”


Percent of respondents saying this was
in greatest demand in their companies.
Anywhere, Anytime
Console  Port  Management 

When  business  critical  servers  or  networks 
malfunction,  the  Equinox  CCM  console  manager 
gives  you  the  tools  to  securely  and  quickly 
restore  normal  functionality. 


CCM  solutions  include: 

■  SSH  v2/Telnet  host 

■  Strong  authentication 

■  Offline  buffering 

■  SUN  break  safe 

■  In/out  of  band  access 

■  Point  and  click  access 


With  the  CCM  you  can: 


■  Be  organized 

■  Tighten  security 

■  Manage  users 

■  Establish  permissions 

■  Be  proactive 

■ Log critical events


Available  in 
8  and  16-port 
models.  Call  for 
more  details  on 
48-port  model. 


Download  your  free  guide! 

8  Key  Reasons  Why  Administrators 
Rely  on  Console  Port  Management 
Solutions  at  www.equinox.com 


Local  or  remote 
console  access. 

Serial 


Telnet 

Client 


SSH 

Client 


For a 30-day product evaluation, call 1-800-275-3500
ext.  247  or  954-746-9000  ext.  247 


AVWorks™  management  software  and 
the  CCM  console  manager  integrate 
with  Avocent's  KVM  over  IP  switches 
and  intelligent  power  controllers  to 
offer  total  data  center  management 
from  a  single  application. 


Power 
Control 

Linux  Server 
Windows  Server 
Unix  Server 
Switch 
Router 

CCM1640 


Devices  in  Rack 


AVWorks 

Client 




Dial  Access 
Client 


Local 
Terminal 


One  Equinox  Way,  Sunrise  FL  33351,  email:  sales@equinox.com  or  for  international  customers  email:  intlsales@equinox.com. 

© 2004 Avocent Corporation. Equinox and AVWorks are trademarks or registered trademarks of Avocent Corporation or its affiliates. All other marks are the property of their respective owners.


n  is  a  reliable  and  secure  remote  control  software 



Famatech 


RADMIN: 


KEEP  CONTROL 


© 2003 Famatech LLC

Famatech,  Remote  Administrator 
and  Radmin  are  trademarks 
of  Famatech  LLC. 


STAY  REMOTE 


Radmin key
benefits: 

-  flexible  pricing 

-  real-time  speed 
of  work 

- friendly interface

-  stable  trouble- 
free  performance 

-  security 

-  free  e-mail 
support 


TRY  RADMIN  2.1 
FOR  FREE! 

DOWNLOAD 

30-DAYS 

FULLY 

FUNCTIONAL 
TRIAL  VERSION! 



•uiy crucial features are all there: incredibly fast remote control, file transfer, NT security, telnet and multilanguage
support. Radmin is blisteringly fast: you can work on a remote computer exactly as if you were right there at its
keyboard.


Radmin  3.0  is  coming  soon!  See  details  at:  www.radmin.com/news 


e-mail: 
radmin@radmin.com 




Fingerprint  Authentication  Scanner  Enterprise  KVM  Solutions  Advanced  Console  Servers  Network  Management  Gateway  Intelligent  Power  Distribution  Units 

AlterPath™Bio  AlterPath™KVM  AlterPath™ACS  AlterPath™  Manager  AlterPath™PM 


Cyclades'  data  center  management  solutions  offer  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power management, KVM, biometric scanner and network management.
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 

LINUX 

INSIDE 




For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/securitywp 


www.cyclades.com/nw 

1.888.cyclades  .  1.888.292.5233  •  sales@cyclades.com 


cyclades 

Everywhere  with  Linux 


©2004  Cyclades  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  are  property  of  their  respective  owners.  Product  information  subject  to  change  without  notice 
NetOp Remote Control

If you think all remote control and support software packages
are the same - try NetOp today. NetOp Remote Control is faster,
offers the highest level of security and has more support
features. Visit www.RemoteControlSW.com to take NetOp for a
FREE test flight and make your remote access and support
really fly.

Streamline & optimize your Help Desk operations
IT pros fix more problems - faster
Top-rated remote access security
Works with all your systems - Windows, Mac, Linux & more
Near real-time screen redraws - even cross-platform
Advanced scripting options and file synchronization
One-button hardware & software inventories
Integrates well with your system management software


Cross  Tec 

Corporation 

Toll  Free  Sales  and  Support:  800.675.0729 
services@CrossTecCorp.com  |  www.CrossTecCorp.com 



NetOp  and  the  red  kite  are  registered  trademarks  of  Danware  Data  A/S.  Other  brand  and  product  names  are  trademarks  of  their  respective  holders.  ©2004  Copyright  Danware  Data  A/S.  All  rights  reserved. 


Canada  Toll  free:  (800)  526-5958 


Custom  Management  Levels 


Test-drive the new Observer 9.0 today and see how it immediately
finds problems you didn’t know you had, optimizes network traffic
and provides insight for future planning. Call 800-526-5958 for
a full featured evaluation or visit our website at

www.networkinstruments.com/nine 


OBSERVER 

• Decode over 500 protocols

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 


Remote  &  Hardware  Options 


REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 


EXPERT  OBSERVER 

• What-If Modeling Analysis

•  Expert  Analysis 

•  Connection  Dynamics 


Introducing  Observer  9.0 


GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


New  Application  Analysis 

Remote  probes  now  provide  multi-interface  and 

multi-session  support 

Industry-first  4GB  packet  capture  buffer 

Wireless  Site  Survey  Modes 

Nanosecond  resolution 

Now  over  450  Expert  Events 

SNMP,  RMON  and  now  HCRMON  support 


OBSERVER  SUITE 

•  Complete  SNMP  device  management 

• Supports full RMON1, RMON2, HCRMON

•  Web  Publishing  Reports 


NETWORK 


One Network Complete Control


Wired to Wireless • LAN to WAN


OBSERVER 


www.networkinstruments.com/nine 

©  2004  Network  Instruments,  LLC.  All  rights  reserved.  Observer,  Network  Instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


APC  solves  top  4  rack  problems. 


APC's full range of compatible components
solve your most pressing problems, from
cabling nightmares and hot spots to blown
circuit breakers and brand incompatibility.
Because the APC NetShelter® VX enclosure
supports whole IT environments, you can
easily build upon your NetShelter VX foundation
as future requirements change. The
NetShelter VX comes with the "Fits Like a
Glove"* money-back guarantee to ensure
compatibility with all IT equipment. Whether
you need a simple solution or are thinking
big, you can depend on just one vendor of
choice. Visit us today at www.apc.com.


HP/COMPAQ • SUN • IBM


GUARANTEED

COMPATIBILITY


CISCO • LUCENT


* "Fits Like a Glove" guarantees
that all brands of EIA-310-D
compliant equipment fit inside.


NetShelter® VX Enclosures (x-certified)


Next  generation,  high-quality  enclosures 

•  Fully  ventilated  front  and  rear  doors  with  enhanced  ventilation  pattern  maximize  airflow 

•  Overhead,  base  and  side  cable  access  provides  easy,  integrated  cable  management 

•  Rear  Cabling  Channel  (42"deep  versions  only)  allows  for  easy  installation, 
access  and  serviceability  of  both  data  cables  and  power  distribution 

•  Available  in  multiple  configurations:  35.5"  deep,  42"  deep,  beige  or  black 

NetShelter® Open Frame Racks (x-certified)


Economical  solutions  for  wiring  closets  and  networking  applications 

•  Designed  to  accommodate  networking  devices  such  as  hubs,  routers  and  switches 

•  Industry  standard  7'  high  design  provides  45U  of  equipment  mounting  space 

•  Self-squaring  design  allows  one-person  assembly 

• Made of high-strength 6061-T6 structural-grade aluminum

Air Removal Unit (ARU) (x-certified)

Heat removal for enclosures in IT rooms and data center hot spots

• Enables up to 7.5kW of power consumption in a rack, without taking up U space
• Automatic fan speed adjustment leads to greater energy efficiency
• Dual-power input cords allow the unit to attach to redundant power sources
• Ducting kit to drop ceiling plenum allows higher temperature from equipment
exhaust to be delivered directly to A/C return stream


Power Distribution Units (x-certified)

Distribute, monitor, and remotely control power in rack enclosures

• Basic: Vertically and horizontally mounting
with a range of amps and voltages

• Metered: Ability to monitor the current draw and set alarm thresholds
that when exceeded, provide both visual and audible alarms

• MasterSwitch: Advanced, remote power distribution and control.
User configurable. Users can configure the sequence in which
power is provided to individual receptacles upon start up


Environmental Monitoring Unit (x-certified)

Networked  appliance  provides  temperature  and  humidity  monitoring 

•  Browser-accessible  1U  rackmountable  appliance  provides 
temperature  and  humidity  monitoring 

•  Monitors  third  party  devices  via  4  input  contacts 

•  Enables  you  to  control  a  third  party  device  via  1  output  relays 

•  Sends  early  warning  notifications  to  appropriate  personnel 


LCD Monitors (x-certified)


1U  rackmountable  integrated  LCD,  keyboard  and  mouse 

•  Occupies  only  1U  of  rack  space  compared  to  the  10U 
to  13U  of  space  required  by  a  traditional  CRT  monitor 


Enter  to  WIN  a  FREE  APC  LCD  Monitor  today.  A  $2239  value! 

Visit  http://pwnwjipc.com  Key  Code  p676y  •  Call  888-289-APCC  x6673  •  Fax  401-788-2797 

©2004 American Power Conversion Corporation All Trademarks are the property of their owners E-mail: esupport@apcc.com • 132 Fairgrounds Road, West Kingston, RI 02892 USA • APC1B4EF-US


Legendary Reliability
KVM RACK DRAWER WITH


A KVM switch allows single or multiple
workstations to have local or remote access to
multiple computers located in server rooms or
on the desktop, regardless of their platforms
and operating systems. KVM switches have
traditionally provided cost savings in reducing
energy and equipment costs while freeing up
valuable real estate.

Recognized as the pioneer of KVM switch
technology, Rose Electronics offers the
industry’s most comprehensive range of
server-management products such as KVM
switches, extenders and remote access
solutions. Rose Electronics products are
known for their quality, scalability, ease of use
and innovative technology.

Rose Electronics is privately held with world
headquarters in Houston, Texas and sells its
products worldwide through a large network of
Resellers and Distributors. Rose has
operations in the United Kingdom, Spain,
Germany, Benelux, Singapore and Australia.


RackView™

SWITCH OPTION


Rose  Electronics 
10707  Stancliff  Road 
Houston,  Texas  77099 


ROSE  US  +281  933  7673 

ROSE EUROPE +44 (0) 1264 850574
ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 


SERVERS WITHIN YOUR REACH
FROM  ANYWHERE 


800  333  9343 

WWW.ROSE.COM 


UltraMatrix  Remote 


REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 
Secure  encrypted  operation  with  login  and  computer 
access  control 

Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 


UltraConsole™ 


PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


Connects  up  to  1000  computers  to  a  KVM  station 
Models for 4, 8, 16 computers
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 
Connects  to  PS/2,  Sun,  USB,  or  serial  devices 
Converts  RS232  serial  to  VGA  and  PS/2  keyboard 
Free  lifetime  upgrade  of  firmware 
Security  features  prevent  unauthorized  access 
Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 
Easy  to  expand 


ELECTRONICS 


Instantly Search Gigabytes of Text Across
a PC, Network, Intranet or Internet Site


Publish  Large  Document  Collections 
to  the  Web  or  to  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 


♦ highlights hits in HTML, XML, & PDF while displaying embedded
links, formatting & images

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 


“The  most  powerful  document  search  tool  on  the  market” 

-Wired  Magazine 


“Intuitive and austere ... a superb search tool” -PC World
“Blindingly fast” -Computer Forensics: Incident Response Essentials
“A powerful arsenal of search tools” -The New York Times

dtSearch “covers all data sources ... powerful Web-based
engines” -eWeek

“Searches at blazing speeds” -Computer Reseller News Test Center


In the past two years, over half of the Fortune 15 purchased
dtSearch developer or network licenses.


1-800-IT-FINDS

sales@dtsearch.com


See  www.dtsearch.com  for: 

♦  hundreds  of  developer  case  studies  &  reviews 

♦  fully-functional  evaluations 


dtSearch

“Industrial-strength ... superb” -PC Magazine

Web with Spider

♦ for Win & .NET
♦ for Linux

♦ call for pricing

for CD/DVD

♦ from $2,500

♦ from $800


The  Smart  Choice  for  Text  Retrieval®  since  1991 


Need  SSH  Console  Ma 


SSH  or  d  it-Baati  Access  to 
Consoles at Remote Locations


The SCM-16 Secure Console Management Switch provides in-band and
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the 
SCM-16  serial  outputs. 


Visit  website  for  complete  NetReach™  product  line. 


■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 

■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■ 115/230 VAC or -48VDC Models


(800)  854*7226  •  www.wti.com 

5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 


western  telematic  incorporated 


Get  MORE  COMPUTERS  in  LESS  SPACE 


We’ll  design  maximum 
flexibility  into  your 
available  space 


We’ll  give  you  a  3-D  plan 
at  NO  CHARGE! 


G.S.A.  GS29F269H  •  I.S.O.  9001  CERTIFIED 


YOU  CAN  RECEIVE  YOUR  ORDER  IN  5-7  BUSINESS  DAYS 

COMPUTER  SECURITY 


Custom  fire  “rooms”  and 
“vaults”  available 

Store  paper  documents  and 
computer  media  in  the  new 
mixed  media  safes  and  files 

Units  are  available  in 
various  sizes 


THE SALIX GROUP • 1-800-668-9319 Ext. 201 • www.salixgroup.com


YOU WANT COMPLETE VISIBILITY.


MAKE  IT  HAPPEN. 


Remote  Monitoring  Solutions 

RMON and HCRMON Probes

You want remote monitoring solutions for visibility into every part of your network. With
RMON and HCRMON Probes from Network Instruments, it's easy. Convert any PC into a
complete remote network monitoring data collection device. Use the RMON appliance
(available in 1U and 4U systems) for a full turn-key solution. Call 800-526-7919 for more
information or visit our website at www.networkinstruments.com/RMON.


Full compliance with RMON1, RMON2 and HCRMON

High capacity RMON Probes provide full-duplex Gigabit
capture compatible with any RMON management console or
collection facility (Observer, OpenView, Concord, NetScout, Micromuse)

Complete, industry standard, software-based probes for
Windows 2000/XP

• Software based, non-dedicated data collection

Compatible with Network Instruments' optimized ErrorTrak
NDIS drivers, which display true errors-by-station.


One Network Complete Control


Wired to Wireless • LAN to WAN


NETWORK INSTRUMENTS

US & Canada: (952) 932-9899

Toll  free:  (800)  526-7919 

UK  &  Europe:  +44  (0)  1959  569880 


RocketVault


Disk-2-Disk  (Fast  Restore),  Door-2-Door  (Electronic  transfer) 
Dusk-2-Dawn  (transfer  data  while  you  sleep), 
and  Day-2-Day  (lower  maintenance  &  TCO) 


IntraDyn 


www.rocketvault.com 

5666  Lincoln  Drive  #205  Minneapolis,  MN  55436 
(952) 936-7733 Fax (952) 908-1121


Automated  Data  Protection 


Save 40-70% on Network Equipment

Refurbished  Routers,  Switches, 

Access  Servers  and  Modules. 


Trust  .Value  // 

Quality  Parts. Great  Prices 


Call  today  for 


Trust  the  Experts 

Continental 

COMPUTERS  Since  1984 


10%  off  1  item  (Up  to  $500)* 

*New  customers  only. 


www.conticomp.com 
Call  us:  (310)  416-1200 


Communicating through technology


If it’s on the network, we’ve got it!

WORLDWIDE PROVIDER OF NETWORK HARDWARE SINCE 1981!

•  Network  Hardware 


•  Cables 


• Memory


THE NETWORK SPECIALISTS

WRCA.NET


• Accessories

sales@wrca.net  -  (800)699-9722x102 


* T1/E1 & T3/E3 Modems

* RS-232/422/485 Modems and
Multiplexers

* IBM 3270 Coax, AS400 Twinax, and
RS6000 Modems and Multiplexers

* LAN - Arcnet/Ethernet/Token Ring

* Video/Audio/Hubs/Repeaters

* ISO-9001

Toll Free 866-SITech-1
630-761-3640,  Fax  630-761-3644 
www.sitech-bildriver.com  or  www.sitechfiber.com 


Production  Tracking  Over  Ethernet 
• Interactive Telnet Client

• TCP/IP over 10/100BaseT Ethernet

Eliminate your shop-floor
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


• Built-in Barcode Badge Reader
• Optional Mag-Stripe & RFID Badge Reader
• Auxiliary RS-232 Serial port
• Customizable Data Collection Program Included
• Larger keyboard and display sizes available


COMPUTERWISE

1-800-255-3739  or  visit  www.computerwise.com 


Attention  Resellers! 


SECUREMATICS 

The  Right  decision  for  Security  Products 

Best Source for SONICWALL
Security Products!

•  Inventory  on  hand 

•  Aggressive  prices 

•  Added  margins  with  training 

•  Pre  sales-Post  sales  support 

Securematics  is  a  SonicWALL  Authorized  Distributor 
And  Authorized  Training  Partner. 

To sign up for the Medallion Partner Program, please contact us.

Call  -  888-746-6700  sales@securematics.com  www.securematics.com 


WWW.SUITCASE.COM


Luggage,  Fine  Leather  Goods,  Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo,  Samsonite,  Cross 

10%  discount  for  Network  World  readers 
Enter  code  NWW2004 
IT Careers In Healthcare


There's  a  short  list  of  high-impact  information 
technology  priorities  for  the  healthcare  industry  - 
mobility,  information  security/privacy  and  point-of- 
information  connectivity.  Add  to  this  list  the  eHealth 
Initiative,  a  nationwide  effort  mentioned  in  President 
Bush's  State  of  the  Union  address  in  January,  and  every 
dollar  spent  on  healthcare  IT  must  have  an  impact. 

The  eHealth  Initiative,  according  to  Janet  Marchibroda, 
executive  director  of  the  Foundation  for  eHealth  Initiative, 
would  create  an  interconnected  electronic  health 
information  infrastructure  -  patient  information  available 
when  and  where  it's  needed  to  provide  vital  care  and  the 
ability  for  patients  to  use  telemedicine  when  appropriate. 
The  foundation  is  administering  more  than  $4  million  in 
federal  grants  for  pilot  community  health  programs  based 
on  data  and  information  technologies  that  link  hospitals, 
outpatient  facilities,  primary  care  and  specialty  care 
practices.  The  Health  Information  for  Quality  Improvement 
Act  currently  moving  through  Congress  reinforces  this 
effort,  providing  a  loan  program  and  other  support  for 
building  the  nationwide  IT  infrastructure  and  standardizing 
forms  to  facilitate  exchange  of  information  and  data. 

Marchibroda says that today just 5% of the nation's
physicians use electronic health records. "We have seen an
uptick" over the past 18 months, she reports. "I think that
within the next five years, we will see almost half of the
providers with such tools." The effort is getting a boost
from federal funds on pilot projects and learning labs, the
setting of standards and the use of IT and electronic data to
improve quality and safety of patient care.

With  a  nationwide  focus  on  healthcare  providers 
switching  to  IT  to  improve  quality  and  safety,  there's  some 
evidence  that  the  hiring  is  ramping  up.  According  to  Betsy 
Hersher,  a  member  of  the  Health  Information  Management 
Systems Society, the group currently has 14,000 members.
Hersher,  who  recruits  executives  in  the  IT  healthcare 
segment,  says  there  are  job  openings  throughout  the 
spectrum  -  from  entry  level  to  more  than  45  chief 
information/technology  officer  openings  that  currently 
exist  in  the  healthcare  industry.  And,  according  to  Hersher, 
pay  for  IT  healthcare  professionals  is  on  par  with 
other  industries. 

Sheldon I. Dorenfest, CEO of Sheldon I. Dorenfest &
Associates in Chicago, says healthcare IT spending rose by
9.3% in 2003 to $23.6 billion. Dorenfest forecasts a 9%
increase in IT spending for healthcare for at least the next
three years, growing to $30.5 billion by the end of 2006. He
has projected the most significant spending in Picture
Archive Computer Systems (which digitize MRI, CAT and X-ray
images) and Computerized Physician Order Entry
Systems using mobile devices. "While healthcare IT system
purchases outpace prior expectations," Dorenfest says,
"there continues to be a growing work process problem
within healthcare organizations. With this additional
clinical systems buying, there is a possibility that
work processes will deteriorate unless implementation
approaches are improved. Significant emphasis must be
placed on simplifying and improving work flow during the
implementation of these new systems."

Among  those  leading  the  change  within  the  industry  is 
Linda  L.  Reino,  chief  technology  officer  for  Universal  Health 
Services Inc. "There's a lot of excitement about IT in
healthcare  for  the  future,"  she  says.  "Wireless  is  exploding, 
we  have  to  address  mobility  of  healthcare  providers,  and 
the  use  of  browser-based  technologies  to  make  the  systems 
more  intuitive  to  reduce  training.  The  faster  and  more 
efficient  we  can  streamline  patient  condition  information 
and  disseminate  it  to  be  used  by  many  -  those  are  the 
most  important  things  that  the  next  generation  of  projects 
will  involve."  Reino  says  the  turnover  rate  among  clinical 
staff  and  the  mobility  issues  are  unique  to  healthcare, 
making  these  types  of  developments  leading  edge  for 
IT  professionals. 


For more information about IT Careers advertising,
please contact: Nancy Percival
Vice President, Recruitment Advertising
800.762.2977
500 Old Connecticut Path
Framingham, MA 01701

Produced  by  Carole  R.  Hedden 


SW  Dev  Engineer  -  Assist  in 
designing,  developing,  coding, 
testing  &  debugging  new  SW  or 
making  enhancements  to  exist¬ 
ing  SW  using  Object-Oriented 
analysis  &  design,  Unix  Shell 
Scripting, SQL, DB, C++, CGI,
Perl, Oracle, HTML, &
Javascript.  Develop  solutions 
across  mult  disciplines  &  be 
responsible  for  explaining  solu¬ 
tions  &  procedures.  Apply  prin¬ 
ciples,  theories  &  concepts  & 
use  methodologies,  tools,  docu¬ 
mentation  processes  &  test  pro¬ 
cedures  to  complete  moderately 
complex  SW  projects.  This  is  an 
entry-level  position  working 
under  close  supervision  of  the 
SW  Dev  Mgr.  BS  Comp  Sci, 
Eng.  or  related  field  +  one  year 
of  related  experience  (SW 
Engin,  Comp  Engin,  and/or 
Comp  Prog)  &  working/theoreti¬ 
cal  knowledge  of:  Object- 
Oriented  analysis  and  design, 
Unix Shell Scripting, SQL, DB,
C++, CGI, Perl, Oracle, HTML,
&  Javascript.  $63,300/yr.  M-F 
8-5.  Littleton,  CO.  Must  have 
proof  of  legal  authority  to  work 
permanently  in  U.S.  Application 
by  resume  only  to  Workforce 
Development  Programs,  PO 
Box 46547, Denver, CO 80202.
Ref  job#CO5067662. 


Senior  Programmer/Systems. 
Works  w/  business  unit  clients  to 
interpret  business  strategies  & 
objectives  to  support  implemen¬ 
tation  of  Siebel  (Orion)  new  info 
systems  application.  Applies 
knowledge  of  Siebel  2000  & 
Siebel  7,  JavaScript,  SQL  (PL- 
SQL  a  plus),  etc.  Req  Bach-  in 
Comp.  Sci.  or  Any  Engineering 
Field  and  2  yrs  exp.  in  job  or  2 
yrs  exp  as  a  Systems  Analyst. 
Send ad & resume: Kyle Foster,
Amgen Inc., One Amgen Center
Dr., Thousand Oaks, CA 91320-
1799  (jobsite).  Include  Ad#  03- 
575FV. 


Sr. Database Administrator
(Omaha, NE) - Design, install,
maintain & upgrade production
DBs & provide tech. guidance &
oversight of DB admin. initiatives,
incl. overall performance
of DB environment. Work closely
w/clients, bus. analysts, sys.
programmers & application dvlprs
to define & resolve info. flow
& content issues to transform
bus. req's into environment specific
DBs. Monitor & analyze
performance metrics & allocate
DB resources to achieve optimum
DB performance. Maintain
multiple servers & DBs of medium
to high complexity w/concurrent
users, ensuring control,
integrity & accessibility of data.
Work w/Oracle DB Administration
8.x, 9.x on Unix & NT platforms,
Oracle Applications 11i
Sys. Admin. & Unix (Shell) programming.
Req's: Bachelor's
degree in Comp Sci, Math, Eng
or related & 2 yrs exp in job
offered or as Oracle DB Administrator
&/or Consultant, incl.
working w/ Oracle DB Admin.
8.x, 9.x on Unix & NT, Oracle
Applications 11i Sys. Admin. &
Unix (Shell) programming. M-F,
9am-5pm, 40hrs/wk, $85K/yr.
Send resume to: Nebraska Workforce
Dvlpmt. Attn: Madhavi
Bhadbhade, PO Box 94600,
Lincoln, NE 68509. Refer to Job
Order #TREL5-VGU7D-82053.


CustomerOne  (Everbank)  looks 
for  Business  Analyst  to  perform 
analysis,  modeling  to  maximize 
profits,  develop  statistically- 
based  credit/loss  forecasting 
models  for  loan  products  includ¬ 
ing  overdraft  lines.  HELOCs. 
BS/BA  with  1-yr  exp  using 
SAS/SQL.  Contact: 
Jane.Dulle@EverBank.com. 

Synova  has  multiple  openings 
for  Project/Software  Engineers, 
System/Programmer  Analysts. 
Our clients include Fortune 500.
Candidates  must  have  MS  or  BS 
with  experience.  We  offer  attrac¬ 
tive  wage  with  full  benefits 
Travel  maybe  required.  Email 
resume  to  ads@synovainc.com. 
EOE 


Computer  Professionals 
Required: 

Xtreme  Worldwide  Solutions, 
Inc,  New  Hampshire 

We  are  looking  for  professionals 
(software  engineers/program¬ 
mer  Analysts/Web  Developers/ 
QA  Testers)  with  experience  in 
following  areas  or  combination 
thereof: 

ERP  People  Soft  /People  Soft 
Technical,  Financials/People 
Soft  HRMS,  Oracle  Manufactur¬ 
ing  /FIN/HR  applications.  Also 
EDI,  GEMMS  &  System  ESS, 
SAP  R/3,  VBA,  ABAP. 

OS: Unix, Sun OS, Solaris, HP-
Unix, MS DOS, Windows NT/
2000/98/95/4.0/3.1

RDBMS & Applications: Oracle
7.x/8, Crystal Reports, MS
Office, Lotus Notes, MS Access,
COM/DCOM/OLE, OOM, SQL
Server 6.5, Sybase 11.0, DB2,
Oracle DBA.

Languages/Packages: VC++,
C, C++, MFC, Java, Power
Builder, Visual Basic, Oracle Developer
2000, Sybase/Oracle,
80x86 Assembly, Cobra, CGI,
JDBC, IIS, ASP, Inter Dev, MS
Visual Source Safe 4.0, SQA,
ADO, COM, Active X, OLE,
ODBC, Shell, Perl, HTML/CGI,
PL/SQL, Pro*C, Lotus Script,
FoxPro, TCP/IP, Lotus, Java
Script, COBOL.

Tools: MS Excel, Pro*C,
SQL*Loader, Import & Export,
OLE, OCX, Active X, ODBC,
Visual Source Safe.

Testing  Tools:  Win  Runner, 
Load  Runner,  Silk,  SQA  Robot. 

Require  MS/BS  in  computers/ 
engineering  or  related,  with  one 
or  two  years  experience  in  relat¬ 
ed  field. 

Must  be  willing  to  travel  to  differ¬ 
ent  sites.  We  offer  competitive 
salaries  and  benefits 

Mail  resumes  to:  HRD,  Xtreme 
Worldwide Solutions, Inc., 75
Gilcreast Road, Suite 200,
Londonderry,  NH  03053  or  Fax 
to:  603-386-6185 


Seeking candidates with experience in the latest versions of Oracle, Unix
(AIX  and  SUN),  Data  Management/Storage  technologies,  Web  Development 
tools,  and  emerging  SAP  related  technologies. 

For  consideration,  please  send  a  resume  to  Aramco  Services  Company, 
reference  code  06J-ITCAREERS,  in  one  of  the  following  ways:  Fax: 
(713)  432-4600;  Mail  P.O.  Box  4530,  Houston,  TX  77210-4530;  e-mail 
(please  cut  and  paste  rather  than  send  an  attachment); 
resumes@aramcoservices.com. 

For a detailed description of the above
positions, please refer to our website
www.jobsataramco.com.

Saudi Aramco


the  heart  of  our  work,  not  only  the  energy  we  provide  to  the  entire 
but  also  the  energy  which  drives  our  people.  The  following  represents 
r  needs  with  Saudi  Aramco  in  Dhahran,  Saudi  Arabia: 


EDP  Systems  Analysts 

SAP  Training  Specialists 

EDP  Applications/Systems  Specialists 


Sr  Systems  Analysts  to  man¬ 
age  teams  to  analyze,  design, 
develop  appls  using  VB,  SQL, 
ASP,  SAS,  MS  Access  etc  using 
Windows  OS;  perform  database 
modeling  using  ERWIN,  create 
stored  procedures,  functions, 
triggers  using  T-SQL;  identify 
user  problems,  prepare  mainte¬ 
nance  plans;  provide  technical 
support, train end-users. Require
MS  or  foreign  equiv  in  CS/Engg 
(any  branch)  or  related  field  with 
1  yr  exp  in  IT. 

Programmer Analysts to analyze,
design, test appls using
OOAD,  C++,  CORBA,  XML,  Or¬ 
acle,  SQL,  Websphere,  Rational 
Rose,  Shell  Script,  etc  under 
Windows  OS;  develop  test 
suites  for  performing  regression/ 
integration  testing;  prepare  user 
docs for installing system software.
Require a B.S. or foreign
equiv  in  CS/Engg  (any  branch) 
with  2  yrs  exp  in  IT.  High  salary. 
F/T.  Travel  involved.  Resume  to: 
HR,  Unilinx,  Inc.,  4625,  Alexan¬ 
der  Dr.,  Ste  110,  Alpharetta,  GA 
30022. 


Programmer/Analyst  wanted  by 
Consulting  firm  in  IL  to  dsgn  & 
dvlp  advanced  d/bases  & 
applies,  incl.  systems  analysis  & 
integrating  Client  Server  applies, 
architect  dsgn  &  implmt 
Databased  applic  Relational 
Database  &  Client/Server 
Envrmt  &  Dvlpmt  in  Distributed 
Database  mgmt  system  using 
CASE  tools.  Must  have  Bach  or 
equiv  in  Engg  &  1  yr  exp  in  job 
offd.  Please  respond  to 
Mohammad N. Yaqoob, Mgr., M
Y  Management  Inc,  8060  N. 
Lawndale  Ave,  Skokie,  IL  60072. 


Network Administrator/Engineer.
Perform network admin.
Maintain services on TCP/IP
network including FTP, News,
DNS, SMTP mail; WWW service,
RADIUS and caching service.
Develop tools to monitor
network  traffic  on  Unix, 
Windows  system.  Maintain 
accounting  SQL  server  on 
Windows.  Install,  support  new 
system  software.  Monitor 
routers, equipment including
Cisco  and  Xyplex.  Must  have  2 
yrs.  college  in  Comp.  Sci., 
Engg.  or  related,  including  6 
months  exp.  with  programming 
using  C,  Unix,  Windows,  SQL 
Server,  TCP/IP  and  designing 
and  maintaining  network 
equipment  including  Cisco. 
Send  resume  to  LISCO,  Attn: 
Ralph  Turner,  108  W.  Palm 
Drive,  Suite  208,  Fairfield,  IA 
52556.

Programmer  Analyst  need¬ 
ed  to  plan,  develop,  test 
and  document  computer 
programs  and  systems  spe¬ 
cializing  in  postal  solutions. 
M.Sc.  in  Physics,  Math,  EE, 
CIS  or  equivalent  reqd. 
Contact  Sung  Park  @  877- 
774-3600. 


SR.  VISUAL  BASIC 
CONSULTANT 

Analyzes  &  evaluates  existing  or 
proposed  software  sys.  Dvlps, 
implmnts  &  improves  programs, 
sys. & related procedures to process
data using in-depth knowledge
of the software dvlpmnt life
cycle.  Encodes,  tests,  debugs  & 
installs  operating  progs.  &  other 
sys.  software  utilizing  advanced 
knowledge of Vis. Basic prog.
tools. Bach. degree (or equiv.) in
Comp.  Sci.,  Math,  Engnrg,  Bus. 
or  Commerce  +  3  yrs  exp.  in 
position  offered  or  as  a  Software 
Engnr,  Prog.  Analyst  or  Sys. 
Analyst  reqd.  Exp.  must  incl:  (1) 
Oper.  Sys:  Windows  or  UNIX; 
(2)  Prog.  Langs:  Vis.  Basic,  ASP 
&  XML;  &  (3)  Dbases:  Oracle  or 
Sybase  or  SQL  Server.  High 
mobility  preferred.  40  hrs/wk, 
8am  -  5pm,  $66,730/yr.  Quali¬ 
fied  applicants  submit  resume 
to:  Site  Administrator,  Greene 
County  CareerLink,  4  West  High 
Street,  Waynesburg,  PA  15370- 
1324.  Please  refer  to  Job  Order 
No.  WEB  390484. 


Systems Analyst w/B.S.
& 2 years experience, in
Houston, TX. Send
resume to: HR Dept.,
BlossomSelect, 1302
Waugh Dr. Ste 863,
Houston, TX 77019.


Audio  Signal  Processing 
Expert,  MS  in  Electronics  or 
Music  Eng.  Min  1  1/2yrs  wk 
exp  in  musical  signals  and 
psychoacoustic  models. 
R&D  dept  reqs  eng  with 
strong  math  &  physics 
background;  exp  in  audio 
signal  analysis/synthesis, 
percep.  models  of  sound  & 
low  br  coding.  Full  posting: 
www.chaoticom.com,
Submit resume: jobs@chaoticom.com,
Ref. Req# 569 - Two openings.

SOFTWARE  ENGINEER 
sought  by  well-monitoring 
software  development  co. 
in  Houston,  TX.  Requires 
M.S.  in  Comp.  Sc.  plus  exp. 
(employer  will  consider 
applicant's  completing  all 
coursework  except  for  the¬ 
sis  as  also  meeting  the  edu¬ 
cational  requirements). 

Respond  by  resume  only  to 
Lynn  Brown,  S/Z  #11, 
vMonitor,  Inc.,  10000  Old 
Katy  Road,  Ste  100B, 
Houston,  TX  77055. 

Database  Administrator  w/exp 
to  install  &  upgrade  Oracle  da¬ 
tabases,  Oracle  Apps  (ERP) 
and  ADI  on  Sun  Solaris  &  MS- 
SQL.  Oracle  Hot  &  Cold 
backup  using  Veritas  netback- 
up.  Maintain  Disaster  Recov¬ 
ery  servers.  Clone  Oracle 
database  &  applications  to 
test  &  development  environ¬ 
ment.  Apply  ERP  &  database 
patches.  Performance  tuning 
for  databases  and  applica¬ 
tions.  Mail  Resumes  to:  Vedior 
North  America,  60  Harvard 
Mill  Square,  Wakefield,  MA 
01880. 

User  Support  Analyst  (2  posi¬ 
tions).  8a-5p.  40  hrs/wk. 

Analyze,  determine,  test, 
resolve  graphics,  prgmg  langs, 
OS,  applications  &  h/ware  probs 
of  users  applying  knowl  of  diag¬ 
nostic/networking  procedures, 
s/ware  &  h/ware;  Oracle,  SQL, 
WinNT  &  UNIX;  recommend 
modification  in  prgm;  train  users. 
Bach  or  equiv  in  Bus 
Admin/Mgmt,  Info  Sys,  Comp 
Sci  or  Engg  or  related  field  &  1 
yr  exp  in  job  offd  or  as 
Sys/IT/prgmg  profl  using  above 
skills  req'd.  Resume:  Nextgen 
Inc.,  5675  Jimmy  Carter  Blvd., 
#600,  Norcross,  GA  30071. 

Computer Support Specialist/
Network Administrator with
experience in high-speed network
connections and internet
services for hospitality properties.
Send resume to Chase
Hospitality LLC dba Best
Western Erie Inn & Suites, Attn:
Peggy Riedesel, 7820 Perry
Highway, Erie, PA 16509. Must
reference job code #078. EOE.

Software  Engineer:  Design, 
develop,  implement  &  test  web 
based  applications.  Manage  & 
architect  solutions  that  inte¬ 
grates  the  client’s  information 
system  using  JSP,  JavaScript, 
HTML,  DHTML,  Oracle, 

PL/SQL,  JDBC  in  a  Unix  and 
Windows  environment.  Req  BS 
in Comp. Sci. Engg/Rel field.
Wages:  $65,000/yr,  40  hrs/wk, 
9am-5pm.  Send  2  resumes  to: 
Case#200203464, Labor Exchange
Office, 19 Staniford St. 1st
Fl., Boston, MA 02114.



Operations-Research  Anlyst. 
BS-Comp.Sci  +  3  yrs  exp  in  job 
or  as  Prgrmr  Anlyst.  MS- 
Comp.Sci  +  1  yr  exp  in  job  is 
also  accptble.  Cnduct  anlys  of 
bus reqmnt & operat'nl prblm for
cnstruct'n  buildr  &  dvlpr.  Dvlp 
s/ware  to  prvide  optiml  time, 
cost  &  logistics  solut’n.  Study  & 
dvlp  custmized  budgt,  contract  & 
invoice us'g Projecttalk. Evluate
cost  prfrmnce  us'g  Cobra.  Dsgn 
&  implmnt  Intgratd  Prject 
Mngmnt  Systm  us’g  ASP,  VB, 
HTML,  XML,  Oracle  dBase, 
Oracle  Portal.  Dvlp  intrface  to 
acces  Primavera  Expedition/P3 
&  trnsfr  data  to  Oracle.  Setup  & 
gnerate  reprt  systm  us'g  IIS 
server,  ASP  &  Crystal  Report 
Writer.  $73,091/yr.  40  hrs/wk. 
Send  resume  to  HR  Dept., 
Stellar  Services,  156  5th  Ave. 
Ste  1134,  NY,  NY  10010. 




Computerworld  •  InfoWorld  •  Network  World  •  February  16,  2004 




Software  Engineers  to  design, 
develop  and  maintain  various 
appls  using  J2EE  technologies. 
OOAD, Rational Rose, Java,
XML, JavaScript, VBScript,
HTML  etc;  perform  requirements 
analysis,  problem  analysis,  solu¬ 
tion  design,  implementation  and 
documentation  on  developed 
appls.;  provide  training  and  user 
support  for  the  systems  and 
related appls.; perform debugging
and modifications on existing
software. Require M.S. or
foreign  equiv.  in  CS/Math/Engin- 
eering  (any  branch)  or  related 
field.  High  salary,  full  time  posi¬ 
tion.  Some  travel  involved. 
Resumes: HR, Opal Soft, Inc.,
3150  Almaden  Expwy  Ste  205, 
San  Jose,  CA  95118. 




Project Manager - Interface
w/clients to understand & record
bus  requirements.  Document 
bus  requirements  into  functional 
requirements  for  projects  written 
in C++, Java, COBOL, HTML,
Visual  Basic,  &  SQL  in 
UNIX/Windows  NT  environ¬ 
ments.  Manage  a  group  of  such 
projects  from  conception  to 
implementation. Ensure projects
are delivered on time &
w/in budget. Track projects by
using  MS  Project,  Oracle,  & 
other  Quality  Control  measure¬ 
ments  including  MS  Excel,  MS 
Word,  &  MS  PowerPoint. 
Report  project  status  on  a  regu¬ 
lar  basis  to  senior  management. 
Manage  availability  of  hardware 
&  resources  critical  to  projects. 
This  is  an  entry-level  project 
management  position  working 
under  close  supervision  of 
Resources  &  SW  Development 
Mgr.  BS  Comp  Sci,  Eng,  or 
related field + working/theoretical
knowledge of: UNIX/
Windows NT; COBOL, Java,
HTML, Visual Basic, SQL, C++;
Oracle;  &  MS  Word/Excel/ 
Project/Powerpoint.  $61K/yr. 
M-F.  8-5.  Denver,  CO.  Must 
have  proof  of  legal  authority  to 
work  permanently  in  U.S. 
Application  by  resume  only  to 
Workforce Development Programs,
PO Box 46547, Denver,
CO  80202.  Ref  job# 
CO5067656. 


Seismic  Micro-Technology,  Inc. 
(Houston,  TX)  is  seeking 
Geosciences  Software  Engin¬ 
eer.  1  yr.  exp.  in  using  MFC  and 
sampling,  filtering,  &  spectral 
computation  for  signal  process¬ 
ing.  Send  resume  to  8584  Katy 
Fwy,  #400,  Houston,  TX  77024. 
Attn:  Manager  of  HR. 

Operations  Support  Specialist 
(Bossier  City,  LA):  Develops  or 
modifies  programs  and  support 
computer  operation  using  VB, 
SQL,  FoxPro,  TCP/IP,  LAN, 
WAN  Protocols,  IPX/SPX,  Hubs, 
Switches,  Proxy,  Windows 
NT/2000  Linux  Novel  Netware.  1 
yr.  exp.  and  B.S.  degree 
required.  Send  resume  to  A  K 
Int'l,  Inc.  2950  East  Texas  St., 
Ste  530,  Bossier  City,  LA  71111 
or  318-764-0429  (F),  Attn:  Mr. 
Aziz 


Sr.  Consultant  needed  by  IT  co. 
in  Naperville,  IL  to  provide  con¬ 
sulting  in  business  analysis,  sys¬ 
tem  s/ware  design,  project  mgmt 
&  application  dvlpmt  using 
s/ware  such  as  Oracle  &  Matrix 
One.  Must  have  Bach  in  Comp 
Tech.  Engg  &  1  yr  exp  in  job  offd 
or  as  IT  Consultant.  Respond  to 
Eric  Camplin,  Piocon  Tech¬ 
nologies,  1952  McDowell  Rd, 
Ste  104,  Naperville,  IL  60563. 
No  calls. 


SW Dev Engineer - Assist in the
design, development, troubleshooting,
analysis, & delivery
of software & systems solutions
using SQL, PL/SQL, SQL*PLUS,
Oracle database design/
analysis, C, C++, Visual Basic,
HTML, & Object Oriented
Design & Analysis. Analyze
processes & requirements.
Identify solutions to fit business
needs. Create requirements-based
design plans. Participate
in requirements review, preparation
of estimates, code development,
unit testing, & related
release activities. Apply principles,
theories, & concepts & use
methodologies, tools, documentation
processes, & test procedures
to complete software projects
on UNIX, NT, DOS, &
Windows 95/98 operating systems.
This is an entry-level position
working under close supervision
of the SW Dev Mgr. BS
Comp Sci, Eng, or related field +
working/theoretical knowledge
of: SQL, PL/SQL, SQL*PLUS;
Oracle database design/analysis,
C, C++, Visual Basic, HTML,
Object Oriented Design &
Analysis; & UNIX/NT, DOS,
Windows 95/98 operating systems.
$63K/yr. M-F. 8-5.
Denver, CO. Must have proof of
legal authority to work permanently
in U.S. Application by
resume only to Workforce
Development Programs, PO
Box 46547, Denver, CO 80202.
Ref job#C05067670.

Software  Engineer  to  design, 
develop  and  implement  com¬ 
mercial  application  software 
using  C,  C++,  Assembly,  Visual 
DSP++,  Vantive,  Clearcase,  UN¬ 
IX  Shell  Scripts  and  RTOS,  as 
well  as  communication/network 
protocols  including  ATM/Frame 
Relay/IP  under  Windows  and 
UNIX operating systems. Require:
Master's degree in Computer
Science, an Engineering
discipline,  or  a  closely  related 
field  with  2  yrs  of  exp  in  the  job 
offered.  Attn:  Job  SP. 

Senior  Software  Engineer  to  de¬ 
sign,  develop,  implement,  test 
and  enhance  ERP,  CRM  and 
web-based  application  software 
using  SAP  R/3,  ABAP  4,  Java, 
JSP,  Siebel  and  HTML  on  Win¬ 
dows  NT  platform.  Responsible 
for  data  mapping,  unit  testing 
and  system  integration  testing; 
Provide  production  support;  De¬ 
velop  technical  specifications; 
Create  and  generate  custom¬ 
ized  reports;  Provide  training 
and  technical  support  to  end 
users.  Require:  Bachelor's  de¬ 
gree  in  Computer  Science,  an 
Engineering  discipline,  or  a 
closely  related  field  with  5  yrs  of 
progressively  responsible  exp  in 
the job offered or as a Programmer/
Systems Analyst (CRM/ERP).
Attn: Job GM.

Extensive  travel  on  assignment 
to  various  client  sites  within  the 
U.S.  is  required.  Competitive 
salary  offered.  Apply  by  resume 
to:  Hiring  Manager,  Compuzard, 
Inc.,  95  Mason  Street,  Suite  3, 
Berlin,  NH  03570. 

Full  time  Project  Manager. 
(Multiple Openings) Responsibilities
include: manage multi-tiered,
Internet/Intranet/Client
Server based multi-user, Re-engineering/
Conversion applications
projects throughout the
United  States;  manage  systems 
analysts,  business  analysts  and 
support  staff;  audit  applications 
quality  to  ensure  adherence  to 
Quality  Management  Systems 
(SEI-CMM  Level  2  or  above); 
manage  implementation  of 
applications;  manage  user 
acceptance  tests  and  user  train¬ 
ing;  and  perform  Capacity 
Planning  for  applications.  Travel 
to  client  sites  Monday-Friday. 
Must  have  a  Master's  Degree  or 
foreign  or  educational  equivalent 
in Computer Science,
Engineering or a related field
and  three  years  of  experience 
as  a  systems  analyst  or  in  a 
related  occupation,  or  a 
Bachelor's  Degree  or  foreign  or 
educational  equivalent  in 
Computer  Science,  Engineering 
or  a  related  field  and  five  years 
of  experience  as  a  systems  ana¬ 
lyst  or  in  a  related  occupation.  If 
interested,  submit  resume  in 
duplicate  to: 

Ms. Sandy Pruitt
NIIT (USA), Inc.
1050 Crown Pointe Parkway,
Suite 500
Atlanta, GA 30338

Electrical/Firmware Engineer
Develop design test electrical &
motion control systems integrated
into electro optical systems.
Work on Digital, Analog,
& GUI design. Prepare docs.
for Engineering & Manufacturing.
Requires: MSEE or
equivalent and 1 yr Experience
in Motion control hardware software
& systems design in
automation industry with microcontroller
Firmware, Cross
Compilers, Emulators, CAD &
Vision tools, comm. drivers and
optical related instruments.
Project management skills.
Please submit resume with
salary requirements to: H.R.,
Spectra-Physics OEM Services,
P.O. Box 1112, Bellingham,
MA 02019.

Systems  Analyst 

Analyze, design, dev., mgmt./
delivery apps., web & dbase oriented
tech. using knowl. of
Vignette Bus. Integration Studio,
Content integration connectors,
etc. Must have Bachelors in
Comp. Sci. or Comp. Eng. & two
yrs. of exper. as Sys. Anal. or as
Prog. Anal. w/ two yrs of prof.
exp. w/ Java, HTML, XML,
Oracle, Epicentric/VAP, JDBC,
Servlets, Java Beans, JSP, Win
2000/XP, Weblogic, Apache, &
IIS. Must be willing to travel &/or
relocate frequently. $67,000/year,
F/T, hrs vary. Send
resumes to Pgh/Allegheny Cty.
Careerlink, Attn: CL Prog.
Super., 425 6th Ave., Ste 2200,
Pgh, PA 15219-1837. Ref. Job
Order# WEB 390471.

Seeking Reliability Engineer
with strong knowledge of TL
9000 QMS (GR929 CORE) and
ROMS to lead reliability assessments,
life prediction, and qualification
test planning for ongoing,
& next-gen. router products.
Duties include reliability
characterization (FMEA, RCA, &
FTA); probabilistic modeling
(Markov); sensitivity analysis;
test programs (ALT/HALT); Fault
Tolerant Designs; MTBF predictions
& FRACAS; conducts
SRE, DFR, Growth modeling,
fault insertion testing, generation
of DPM, AFRR & avail. metrics.
Must have MS in Rel. & Quality
Eng. or Reliability Eng. + 2 yrs
rel. exp.; must be CRE, CQE.
Send resume to D. Brown, Dir.
HR, Avici Systems, Inc., 101
Billerica Ave., N. Billerica, MA
01862. Ref. RE04.

Computers-  Assoc.  Programmer 
/Analysts  needed.  Seeking  qual. 
candidates  possessing  BS  or 
equiv.  and/or  rel.  work  exp.  Our 
company  will  accept  additional 
academic  educ.  in  lieu  of  req. 
exp. Duties include: Analyze &
evaluate user requests to modify
programs; Develop & document
computer programs according to
user specifications; Work with 3
of the following: C/C++, ASP,
Oracle, Informix, HTML & Javascript.
Knowledge of Aether's
Packet Cluster Products a plus.
Fwd. resume & ref. to: COMM-SYS,
Inc., 33 Westfirst St., #100,
Dayton,  OH  45402. 

Software  Engineer/DSP 
sought  by  DSP  Software/ 
Hardware  Company  loc¬ 
ated  in  Irvine,  CA.  Bach 
degree or/equiv. in
Software Eng. or/
Electronic Eng. + 6 mos.
DSP  exp.  Send  resume 
to:  H.R.  Dept  (REF:  SC) 
3DSP  Corporation,  16271 
Laguna  Canyon  Rd, 
#200,  Irvine,  CA  92618. 

Radiant  Soft  Sol,  Inc.,  a  S/ware 
Consulting Co, seeks to fill following
Multiple Openings in
Arlington Hts, IL & unanticipated
locs in US: Sr. Software
Consultants (BS+3 yrs exp),
Business/Systems/Programmer/
QA Analysts (BS + 2yrs exp.),
Database Analysts (BS+3yrs
exp.), Network Analysts (BS+
3yrs. exp.) & IT Managers (BS +
3yrs supervisory exp). Respond
by  resume  to  HR,  855  E.  Golf 
Rd,  #1125,  Arlington  Hts,  IL 
60005. 

IT Education & Training Directory

Contact the companies listed below
to help you with your training needs!

CBT Nuggets
(888) 507-6283 & (541) 284-5522
www.cbtnuggets.com
Affordable training videos on CD
MCSE, MCDBA, MCSD, CCNA,
Citrix, Linux, A+, Net +

IPexpert, Inc.
(866) 225-8064
www.ipexpert.com
CCIE (R&S, SEC, and C&S), CCSP,
CCNP, CCNA, IP Telephony
www.nwfusion.com

Sales  Offices 


Carol Lasker, Associate Publisher/Vice President
Jane Weissman, Sales Operations Coordinator
Internet: clasker, jweissman@nww.com
(508)  460-3333/FAX:  (508)  460-1237 


New  York/New  Jersey 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agate  Joseph,  Sales  Associate 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  634-2300/FAX:  (201)  634-9286 


Northeast 

Donna  Pomponi,  Regional  Sales  Manager 
Internet:  dpomponi@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


Mid-Atlantic

Jacqui DiBianca, Regional Sales Manager
Marta Hagan, Sales Assistant
Internet: jdibian, mhagan@nww.com
(610) 971-1530/FAX: (610) 975-0837


Midwest/Central 

Eric Danetz, Regional Sales Manager
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 


Northern  California/Northwest 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Karen  Wilde,  Regional  Sales  Manager 
Miles  Dennison,  Regional  Sales  Manager 
Courtney Coughlin, Regional Sales Manager
Maricar  Lagura,  Office  Manager/Sales  Assistant 
Teri  Lowe,  Sales  Assistant 

Internet:  skupiec,  kwilde,  mdennison,  ccoughlin,  mlagura, 
tlowe@nww.com 

(510)  768-2800/FAX:  (510)  768-2801  

Southwest/Rockies 

Becky Bogart Randell, Regional Sales Manager
Angela  Norton,  Sales  Assistant 
Internet:  brandell,  anorton@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 

Southeast 

Don  Seay,  Regional  Sales  Manager 
Internet:  dseay@nww.com 

(404) 845-2886/FAX: (404) 250-1646

Customer  Access  Group 

Tom Davis, Assoc. Publisher Eastern Region/General
Manager,  Customer  Access  Group 
Shaun  Budka,  Director,  Customer  Access  Group 
Kate  Zinn,  Sales  Manager,  Eastern  Region 
Internet:  tdavis,  sbudka,  kzinn@nww.com 
(508)  460-3333/FAX:  (508)  460-1237  

Fusion 

Alonna  Doucette,  Vice  President  Online  Development 

James  Kalbach,  Director,  Online  Services 

Scott  Buckler,  West  Coast  Regional  Sales  Manager 

Stephanie  Gutierrez,  Online  Account  Manager 

Debbie  Lovell,  District  Sales  Manager 

Kristin  Douglas,  Online  Operations  Manager 

Lisa  Thompson,  Online  Ad  Traffic  Coordinator 

Internet:  adoucette,  jkalbach,  sbuckler,  sgutierrez,  dlovell, 

kdouglas,  lthompson@nww.com 

(508)  460-3333/FAX:  (508)  861-0467 


MARKETPLACE 

Response  Card  Decks/MarketPlace 

Jayson  Cooper,  Director  of  Marketplace  Advertising 

Enku  Gubaie,  Senior  Account  Manager 

Caitlin  Horgan,  Account  Manager 

Jennifer  Moberg,  Account  Manager 

Chris  Gibney,  Sales  Operations  Coordinator 

Internet:  jcooper,  egubaie,  chorgan,  jmoberg, 

cgibney@nww.com 

(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

Vice  President,  Nancy  Percival,  Western  Regional  Manager, 
Caroline  Garcia,  Central  Regional  Manager,  Laura  Wilkinson, 
Central/Western  Account  Executive,  Mark  Dawson,  Eastern 
Regional  Manager,  Jay  Saveli,  Eastern  Account  Executive, 
Danielle Tetreault,  Sales/Marketing  Associate,  Joanna 
Schumann 

(800)  762-2977/FAX:  (508)  875-6310 




■  Network  World,  Inc. 

118 Turnpike Road, Southborough, MA 01772
Phone: (508) 460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 

Evilee Thibeault, CEO/Publisher
John  Gallant,  President/Editorial  Director 
W.  Michael  Draper,  Chief  Operating  Officer 
Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty Amaro-White, Event Finance Manager

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Sr.  Human  Resources  Generalist 

MARKETING 

TerryAnn  Croci,  Senior  Director  of  Marketing 

Nancy  Sarlan,  Corporate  Marketing  Communications  Mgr. 

Barbara  Sullivan,  Senior  Research  Analyst 

Judy  Schultz,  Marketing  Design  Manager 

Cindy  Panzera,  Marketing  Designer 

PRODUCTION  SERVICES 

Greg  Morgan,  Senior  Director,  Production  Services 
Karen  Wallace,  Senior  Director,  Advertising  Operations 
Mike  Guerin,  Senior  Production  Specialist 
Jami Thompson, Production Coordinator
Veronica Trotto, Advertising Coordinator
Maro  Eremyan,  Advertising  Coordinator 
CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Bobbie  Cruse,  Subscriptions  Manager 
Mary McIntire, Circulation Marketing Manager

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

Bob  Wescott,  Distribution  Manager/(508)  879-0700 

IDG  LIST  RENTAL  SERVICES 

Paul  Capone,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

(800) 343-6474/(508) 370-0825, FAX: (508) 370-0020

SEMINARS,  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Robin  Azar,  Vice  President  of  Events 

Michele  Zarella,  Director  of  Operations 

Dale  Fisher,  Event  Planner 

Tim  DeMeo,  Event  Operations  Manager 

Kristen  Kennedy,  Event  Coordinator 

Sandra  Gittlen,  Events  Editor 

Neal  Silverman,  Senior  Director  of  Event  Sales 

Andrea  D'Amato,  Sales  Director/Strategic  Partnerships 

Kristin  Ballou-Cianci,  Senior  Event  Sales  Manager 

Maureen  Riley,  Event  Sales  Manager 

Judy  Tyler,  Account  Executive 

Mark  Hollister,  Senior  Director  of  Event  Marketing 

Debra  Becker,  Dir.,  Marketing  &  Audience  Development 

Sara  Evangelous,  Senior  Marketing  Manager 

Timothy  Johnson,  Marketing  Specialist 

ONLINE  SERVICES 

Alonna  Doucette,  Vice  President,  Online  Development 

Hillary  Freeley,  Director,  Online  Operations 

Deborah  Vozikis,  Design  Manager  Online 

Adam  Gaffin,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 
continued from page 1

participating vendors are targeting network executives, whereas the rest will address consumer and other markets.

Here’s an exclusive look at some of the enterprise network products being highlighted at the Scottsdale, Ariz., show:

Security 

Trend Micro’s Network VirusWall 1200 is intended to identify and then quarantine infections without shutting down the entire network.

The appliance works with the company’s Control Manager antivirus and content-filtering management software to identify threats. Then it can isolate affected machines, eliminate worms and run a damage-control clean-up operation on desktops and servers that might not have been patched.

The appliance plugs into a LAN segment between a workgroup switch and a server, where it monitors traffic down to the packet level to identify potential viruses and worms.

The Network VirusWall 1200 is scheduled to ship in early April. The product is priced separately based on software and services, and hardware. For 1,000 end users, the price would be about $24,000 for software and services, and about $3,000 per appliance.

Forum Systems will unveil the XWall Web Services Firewall, an appliance that lets network administrators create policies to associate a range of filtering and protection features, or rules, with specific XML-based Web services. When Web services requests hit the appliance, they trigger these rules. The XWall software, in effect, opens the XML documents that constitute these requests and compares their contents with the relevant security policy. Then, the appliance either passes the request on or blocks it.

Forum executives say it takes only about 15 minutes to set up XWall, largely because Forum’s programmers have created a series of policy templates that identify potential problems and offer a drop-down list of protection features that can be selected.

XWall becomes available this week, priced from $2,500 to $10,000.

Reactivity is announcing an optional XML processing board for its XML Firewall 2300. The board, fruit of a six-month development partnership with Intel spin-off Tarari, pushes XML security processing into Tarari’s custom chipset. The goal is to boost the firewall’s ability to strip apart XML documents, run a security scan on the contents, and then reassemble the documents as part of a Web services application.

The two companies worked together to identify specific security processing tasks and specific elements in XML messaging. These are divided between the chipset and the appliance software to optimize performance.

A release date and pricing have not yet been decided.

Imperva, formerly WebCohort, will showcase SecureSphere 2.0, a combination of software and Intel-based sensors that sniffs HTTP, SQL, Secure Sockets Layer and XML traffic in Web applications. The software first determines an application’s normal behavior. Then, shifting to what

Network World can be purchased on 35mm microfilm through University Microfilm Int., Periodical Entry Dept., 300 Zebb Road, Ann Arbor, Mich. 48106.

PHOTOCOPYRIGHTS: Permission to photocopy for internal or personal use or the internal or personal use of specific clients is granted by Network World, Inc. for libraries and other users registered with the Copyright Clearance Center (CCC), provided that the base fee of $3.00 per copy of the article, plus 50 cents per page is paid to Copyright Clearance Center, 27 Congress Street, Salem, Mass. 01970.

POSTMASTER: Send Change of Address to Network World P.O. Box 3090, Northbrook, IL 60065.

Copyright 2003 by Network World, Inc. All rights reserved. Reproduction of material appearing in Network World is forbidden without written permission.

Reprints (minimum 500 copies) and permission to reprint may be purchased from Reprint Management Services at (717) 399-1900 x124 or rtry@rmsreprints.com.

USPS 735-730

■ Network World, 118 Turnpike Road, Southborough, MA 01772-9108. (508) 460-3333.

Periodicals postage paid at Southborough, Mass., and additional mailing offices. Posted under Canadian International Publication agreement #40063800. Network World (ISSN 0887-7661) is published weekly, except for a single combined issue for the last week in December and the first week in January by Network World, Inc., 118 Turnpike Road, Southborough, MA 01772-9108.

Network World is distributed free of charge in the U.S. to qualified management or professionals.

To apply for a free subscription, go to www.subscribenw.com or write Network World at the address below. No subscriptions accepted without complete identification of subscriber's name, job function, company or organization. Based on the information supplied, the publisher reserves the right to reject nonqualified requests. Subscriptions: 1-508-490-6444.

Nonqualified subscribers: $5.00 a copy; U.S. - $129 a year; Canada - $160.50 (including 7% GST, GST#126659952); Central & South America - $150 a year (surface mail); Europe - $206 a year (surface mail); all other countries - $300 a year (airmail service). Four weeks notice is required for change of address. Allow six weeks for new subscription service to begin. Please include mailing label from front cover of the publication.


The Wall

Using Forum Systems’ XWall appliance management software, customers can lock down Web services.

Select protection rules for each Web service, such as “authentication failed.”

View outline of Web Services Description Language document, which specifies details of Web services available to users, partners and customers.
Imperva calls “protect mode,” SecureSphere continually compares real-time behavior with this norm and to a set of behaviors, or signatures, that are the hallmarks of denial-of-service attacks and other malicious behavior.

In Version 2.0, Imperva gives administrators the ability to create their own signatures and to give priority to a subset of the signature database. Another change now lets SecureSphere operate in learning and protect modes at the same time. So the software algorithms can see, for example, that a detected deviation simply represents an authorized software patch, not a virus attack.

Version 2.0 is scheduled for release on March 6. It is priced at $12,000 per protected database server and $6,000 per protected Web server.

Collaboration

IMlogic will preview a tool set, IM Linkage, that lets programmers make instant-messaging clients, such as AOL Instant Messenger, an integrated element of enterprise applications.

The company’s IM Manager acts as a management overlay on a plethora of existing IM clients and translates “calls” between one IM product and another.

The core of IM Manager is included in IM Linkage, which consists of a software development kit, graphical development tools and a run-time environment. Application developers work with their traditional Java or Microsoft .Net tools and then use IM Linkage to incorporate IM features and capabilities into the application code. When users log on to that application, they can see the IM status of all the other users and call them or set up ad hoc IM conferences.

IM Linkage is set for release in June. Pricing has not been set.

Viack will unwrap the prototype of an extensive new security framework that tailors its Via3 E-meeting Service for a range of federal and state agencies.

The new version, dubbed Via3 for Government, is scheduled for release by year-end. The goal is, in effect, to translate an immense array of government security procedures and best practices into software that will let administrators control who sees and uses information in online meetings.

The change involves adding an extensive set of management and audit controls to Via3.

Management

Six months ago, Consera Software shipped its first product, AgileOne, which lets a company create automated workflows for managing enterprise file-sharing services. The software automates complex data center procedures traditionally captured on whiteboards and fat, ringed binders called run books.

This week, Consera will unveil a companion graphical tool set called AgileOne Solution Builder, which lets administrators tailor these workflows and create new ones that can be added to the AgileOne server. One workflow might be for migrating files from Windows NT4 servers to Windows Server 2003. Using Solution Builder, an administrator can unzip that workflow and add an e-mail command and address at the end. The next time the migration workflow executes under AgileOne, the software will send an e-mail to the designated recipient with a notice that the migration has been completed.

AgileOne Solution Builder costs $5,000 per user, with a $1,000 first-year fee for maintenance and support.

MValent is unveiling an application called Continuity for its mValent Infrastructure Automation Suite. Continuity will let IT administrators run complex configuration changes on a range of application servers. The first version of the suite uses a program called Integrity, which automatically captures from Web servers, database servers and other systems, data about their settings and how they’re configured.

Continuity adds the ability to create a sequence, or workflow, of adjustments across a range of inter-related servers and then execute these changes, with the information being shared by a variety of IT and network staff.

The product is shipping now as part of the Automation Suite, which is priced at $50,000 for a five-seat license.




Symbol's  new  WS  2000  WLAN  switch 
was  designed  for  fast,  simple  setup 
of  WLANs  in  branch  offices. 


Wireless  LANs 

Symbol Technologies will demonstrate a switch for deploying wireless in small or branch offices.

To create the client connection, users can plug into the WS 2000 up to six of Symbol’s simplified, stripped down WLAN access “ports.” Four of these Fast Ethernet interfaces have Power over Ethernet. Then the switch is plugged into the office’s WAN link, such as a DSL connection. The switch links to Symbol’s enterprise-class WS 5000 at a regional or headquarters office, from which network administrators can monitor and manage the branch-office device.

Among other things, the administrator can create several WLANs on each Symbol radio connected to the WS 2000, grouping laptop users on one, PDA users on another, visitors on still another.

The WS 2000 is scheduled to ship in about a month and cost about $1,000.
Fighting spam: Theory and practice

There is now no doubt that spam is on the top of your minds. The response to last week’s column regarding the bad ideas being proposed to fix the spam problem was overwhelming — greater than I’ve ever had.

Reader Arthur Byrne pointed me to a well-written paper, “Information Asymmetry and Thwarting Spam” (www.nwfusion.com, DocFinder: 9739), which discusses the mechanism that Bill Gates touted as “payment at risk.” The basic idea is a message recipient could set a price to be paid by the sender if the recipient rejected a message as unwanted. The paper is worth reading and does make it sound reasonable.

But Byrne commented: “The technical formatting of the required infrastructure and [other details] are a non-trivial set of problems.” He also was kind enough to go into these problems in some depth. As usual, the devil is in the details and the simple solution becomes really, really complicated, which makes the chances of it working next to zero.

Reader Benjamin Vogel wrote: “Let’s not also forget the legal issues if we need to pay for e-mail. If I send an e-mail and I am charged for that service, I can reasonably expect a level of service. If my e-mail is bounced, delayed or somehow lost, I could hold the ISP responsible for that lost data. In a day and age where viruses are rampant and denial-of-service attacks are common, we would be hard-pressed to find any ISP that would guarantee any level of service for their e-mail transfer. Thus, many ISPs would not even offer e-mail as a service. But no e-mail means no spam, right?”

Reader David Neill wrote: “You’re all wet, and so is Bill Gates (nice to be in the same league with that guy on something, isn’t it?). Charging for e-mail is the only way spam is ever going to come under control, because you make it advantageous for anyone with any significant volume of received mail to collect from those who originated it, with charges maybe being forwarded through those who relay mail.”

Neill adds: “The billing infrastructure can be written in Perl in less than a day. It probably can be a one-liner. Have a contest. How hard can it be?”

How optimistic can you be? Neill, if you ever had anything to do with billing systems you would understand what a nightmare they are. Tracking charges is not the only thing they have to do. There are all the supporting operations, such as reconciling accounts, authorizing payments, checking credit, chasing late payments, meeting auditing and tax requirements ... in short, it is anything but simple.

That illustrates the core point from last week wonderfully: Your idea of a billing solution is simple, neat and wrong. The reason is that you vastly oversimplified the problem and real-world problems of any importance are, unfortunately, rarely simple.

Moreover, this is the reality of most IT problems. Just consider networking a few thousand desktops. In theory, it’s simple enough: You just run cables from the PCs and servers to hubs and routers. In practice there are the hundreds or thousands of decisions that are required to actually make everything work — where to locate sockets, how to route cables, how to deal with solid concrete walls, cross factory floors, connect buildings separated by public highways, and on, and on and on.

Yogi Berra put it succinctly: “In theory, theory and practice are the same. In practice, they are not.” Whether we’re talking about wiring PCs or fighting spam, the practical gap between theory and practice is where simple, neat solutions are proved to be wrong.

Shameless Plug Department: If you want to get a handle on enterprise messaging and spam attend the Network World Messaging and Spam Technology Tour (DocFinder: 9740) hosted by yours truly. The dates are March 23 in Arlington, Va.; March 25 in Framingham, Mass.; March 30 in Schaumburg, Ill.; and April 1 in San Jose.

Solutions to backspin@gibbs.com.


That warning about judging book covers goes for book titles, too, which might be all that prevented my review copy of Compassionate Capitalism from hitting the circular file before I read the jacket notes. Although I'm told no connection was intended, the similarity between this title and President Bush's utterly Orwellian “compassionate conservatism” will likely turn off more than a few.

Pity, too, because the authors of Compassionate Capitalism — Salesforce.com CEO Marc Benioff and journalist Karen Southwick — apparently do have their hearts and minds in the right place. The book provides impressive case studies and best practices from BEA Systems, Cisco, Hasbro and Timberland for fostering effective corporate philanthropy.

While those companies are long-established household names, the authors stress the importance of instilling a philanthropic culture and structure early in a company's development. Among the recommendations: Set aside a specific amount of equity for charitable work — say 1% — from the get-go. (In fact, the book was originally going to be called The 1% Solution.)

The book has been well received, says Suzanne DiBianca, director of the Salesforce.com Foundation.

“We’ve been getting a lot of reaction from the entrepreneurial community, which is exactly the audience we want to reach,” DiBianca says. “We want them to know that not only is this a good thing to do, but it's an easy thing to do.”

A few tidbits about Salesforce.com’s own philanthropic effort provided by DiBianca illustrate the company's level of commitment: Workers are granted six paid workdays per year to perform their good deeds. About six in 10 actually use the time, while 85% contribute in some form or another.

And the Salesforce.com Foundation employs eight full-time staffers to facilitate the charitable undertakings of a workforce that numbers only about 400.

Salesforce.com intends to go public soon, which raises the question of whether potential investors truly value corporate philanthropy when it comes time to pony up. DiBianca says the company has received zero push-back from the financial world, and nothing but positive feedback from employees and job candidates.

Cynics will suggest that corporate philanthropy is almost always driven by strategic considerations and public-relations concerns. I’m a cynic, but let's be charitable today: There's a lot to like in Compassionate Capitalism.

Microsoft  is  spoiling  my  fun 

Microsoft recently released a plug-in for Office 2003/XP that certainly will be appreciated by customers ... and just as certainly be lamented by those of us who enjoy reading stuff we're not supposed to read.

The plug-in, called Remove Hidden Data, gives Word, Excel and PowerPoint users a single-step method of cleansing a document of “hidden” notations before the document is distributed beyond its original author and anyone else who might have had a hand in its alteration. The previous method of purging such comments was apparently considered more difficult than getting crayon off a painted wall. As a result, it hasn’t been uncommon to find hidden notes in documents even after they have been distributed beyond the authoring group.

My favorite example was a press release sent here by Groove Networks, the collaboration software company founded by Lotus Notes inventor Ray Ozzie. While details of the release have escaped my memory — and the document itself is not to be found on my machine — I do recall reading its hidden comments with fly-on-the-wall pleasure. Several of them were from a certain "Ray."

The gist of those comments: Changes were needed in the verbiage so as to ensure that Groove's plans weren’t seen as treading on the toes of a major partner/investor. That major partner/investor? Microsoft.

Have your own tale of hidden notes run amok? The address is buzz@nww.com.

